Pfsesne 2.2 OVPN Problems
-
Been using OVPN for quite a while with pfsense with no problems. So much so i've done a fresh install at my home now. I am unable to connect to my OVPN home setup.
I have a OVPN client setup connecting to ipvanish with manual outbound nat. This is working great.
My server to client setup is not working OUTSIDE the network. I can connect to my server no problems within my internal network…
I have the proper rule on the wan interface
IPv4 UDP * * WAN address 1194 (OpenVPN) * none OVPN
The firewall doesn't log any dropped packets. The ovpn logs don't even show the client is even trying even though I packet capture 1194 UDP hitting the wan interface.
Socket is listening 1194
root openvpn 85670 12 udp4 WANIP:1194 :
It's listening for 1194, the packets are getting there, packets aren't being blocked, and the rule exisxts top allow udp 1194. So the packet filter and OVPN logs are totally quiet so I have no way to trouble shoot...Mind blown at this point. I've never even needed help before since it's so straight forward.
-
Go to Diag>States and filter on :1194, is there a state and if so what does it look like?
-
WAN udp WANIP:49155 -> RandomWanAddress:1194 MULTIPLE:MULTIPLE
WAN udp LOCALPCDMZMumble:1194 (WANIP:1194) <- ClientWanIpTryingToConnect:7958 NO_TRAFFIC:SINGLE ??????????????
27MUMBLEDMZ udp ClientWanIpTryingToConnect:7958 -> LOCALPCDMZMumble:1194 SINGLE:NO_TRAFFICok this is odd looking…It's looks as if my Wan Client is getting pushed to my mumble DMZserver
-
Yea so I packet capture the Mumble DMZ port and yes it's getting my ovpn packets…
Here is my Nat rule for mumbleDmz
WAN TCP/UDP * * WAN address Mumble MumbleDMZ_SRV Mumble TCP/UDP Mumble to Media-PC
Now the port alias mumble
Mumble_TCP_UDP 64738 UDP/TCP 64738
This is bizarre...
-
Fixed it! Thank you cmd! By pointing me to the states I was able to troubleshoot the problem! An alias was entered that was specifying IP's not port numbers shooting ALL traffic to my mumble server.
MY alias's have been renamed, but they never Dynamically changed in my NAT policies. I will make a metal note when you change alias names they don't auto change in NAT policies like they do firewall rules.