OpenVPN w/Websockets - router not allowing web socket traffic
-
Hardware: 2 SG-2440's running 2.2.6
Remote endpoint: AWS Instance with pfSense Virtual routerYou should know: I am not a network guy, I am a software engineer charged with getting this to work.
I have 2 SG-2440's setup. The application at the 2440 side attempts to establish a websocket connection to the AWS instance through the VPN tunnel.
One of the 2440's works, the other does not. Each has a separate CIDR range and each has been issued a unique certificate and client specific override on the AWS pfSense router. I can see the tunnel endpoints and UDP traffic is traversing the tunnel. TCP websocket traffic works on the first router, all attempts on the second router fail.
As a trouble-shooting exercise (and to rule out hardware issues) I have switched the configuration files between the two 2440's. The one with the 10.13.30.0/27 CIDR range works. The other, with CIDR block is 10.13.30.32/27, does not. I have diffed the XML config files for each setup and the only difference is the certs, common name and IP addresses for the CIDR's.
I can provide a lot more detail if need be, I am just puzzled as to why this isn't working. I firmly believe that I must do something with the configuration of the pfSense virtual router in the AWS environment.
Have I done something incorrectly?
-
We found the solution. The websockets didn't have a route back to the AWS instance after the initial request was made. To solve this we added the appropriate CIDR to IPv4 Remote Networks (tunnel Settings under the OpenVPN Client).