4. TLS Authentication Fails

TLS Authentication Fails

  • B

    I have a system where the OpenVPN is connected to the LAN side. Everything works fine until I try to lock down the LAN using the firewall. I opened ports 1194 and 2020 (the OpenVPN port for the VPN). The system continues to work until I restart pfsense. Then I get authentication failure. There are no entries in the firewall log showing that any traffic was blocked from the IP, but if I activate the 'allow any' firewall rule, then the connection completes successfully.

    Using Wireshark, I was able to see that the first message after turning on the 'allow any' rule is a TLS Hello message. This message is being blocked by the firewall rules, somehow. I'm not certain why but it seems that the TLS protocol is blocked.

    I would like to tighten down the rules on the firewall. Is there any way to allow the TLS protocol through without opening up the LAN firewall to everything?

    0
  • B

    Nevermind. I had inadvertently set source to LAN Subnet. It now works perfectly. Thanks!

    0
  • B

    Ignore the previous comment. Unknowingly had connected to the fallback server. It only works if the 'allow any' rule is in effect.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy