5. Pfsesne 2.2 OVPN Problems

Pfsesne 2.2 OVPN Problems

  • Y

    Been using OVPN for quite a while with pfsense with no problems. So much so i've done a fresh install at my home now. I am unable to connect to my OVPN home setup.

    I have a OVPN client setup connecting to ipvanish with manual outbound nat. This is working great.

    My server to client setup is not working OUTSIDE the network. I can connect to my server no problems within my internal network…

    I have the proper rule on the wan interface

    IPv4 UDP * * WAN address 1194 (OpenVPN) * none OVPN

    The firewall doesn't log any dropped packets. The ovpn logs don't even show the client is even trying even though I packet capture 1194 UDP hitting the wan interface.

    Socket is listening 1194

    root openvpn 85670 12 udp4 WANIP:1194 :

    It's listening for 1194, the packets are getting there, packets aren't being blocked, and the rule exisxts top allow udp 1194. So the packet filter and OVPN logs are totally quiet so I have no way to trouble shoot...Mind blown at this point. I've never even needed help before since it's so straight forward.

    0
  • C

    Go to Diag>States and filter on :1194, is there a state and if so what does it look like?

    0
  • Y

    WAN udp WANIP:49155 -> RandomWanAddress:1194 MULTIPLE:MULTIPLE
    WAN udp LOCALPCDMZMumble:1194 (WANIP:1194) <- ClientWanIpTryingToConnect:7958 NO_TRAFFIC:SINGLE ??????????????
    27MUMBLEDMZ udp ClientWanIpTryingToConnect:7958 -> LOCALPCDMZMumble:1194 SINGLE:NO_TRAFFIC

    ok this is odd looking…It's looks as if my Wan Client is getting pushed to my mumble DMZserver

    0
  • Y

    Yea so I packet capture the Mumble DMZ port and yes it's getting my ovpn packets…

    Here is my Nat rule for mumbleDmz

    WAN TCP/UDP * * WAN address Mumble MumbleDMZ_SRV Mumble TCP/UDP Mumble to Media-PC

    Now the port alias mumble

    Mumble_TCP_UDP 64738 UDP/TCP 64738

    This is bizarre...

    0
  • Y

    Fixed it! Thank you cmd! By pointing me to the states I was able to troubleshoot the problem! An alias was entered that was specifying IP's not port numbers shooting ALL traffic to my mumble server.

    MY alias's have been renamed, but they never Dynamically changed in my NAT policies. I will make a metal note when you change alias names they don't auto change in NAT policies like they do firewall rules.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy