OpenVPN w/Websockets - router not allowing web socket traffic

  • Hardware: 2 SG-2440's running 2.2.6
    Remote endpoint: AWS Instance with pfSense Virtual router

    You should know: I am not a network guy, I am a software engineer charged with getting this to work.

    I have 2 SG-2440's setup. The application at the 2440 side attempts to establish a websocket connection to the AWS instance through the VPN tunnel.

    One of the 2440's works, the other does not. Each has a separate CIDR range and each has been issued a unique certificate and client specific override on the AWS pfSense router. I can see the tunnel endpoints and UDP traffic is traversing the tunnel. TCP websocket traffic works on the first router, all attempts on the second router fail.

    As a trouble-shooting exercise (and to rule out hardware issues) I have switched the configuration files between the two 2440's. The one with the CIDR range works. The other, with CIDR block is, does not. I have diffed the XML config files for each setup and the only difference is the certs, common name and IP addresses for the CIDR's.

    I can provide a lot more detail if need be, I am just puzzled as to why this isn't working. I firmly believe that I must do something with the configuration of the pfSense virtual router in the AWS environment.

    Have I done something incorrectly?

  • We found the solution. The websockets didn't have a route back to the AWS instance after the initial request was made.  To solve this we added the appropriate CIDR to IPv4 Remote Networks (tunnel Settings under the OpenVPN Client).

Log in to reply