Netgate Discussion Forum

    OpenVPN w/Websockets - router not allowing web socket traffic

    2 Posts 1 Posters 3.6k Views
      FCJay

      Hardware: 2 SG-2440s running 2.2.6
      Remote endpoint: AWS Instance with pfSense Virtual router

      You should know: I am not a network guy, I am a software engineer charged with getting this to work.

      I have 2 SG-2440s set up. The application at the 2440 side attempts to establish a websocket connection to the AWS instance through the VPN tunnel.

      One of the 2440's works, the other does not. Each has a separate CIDR range and each has been issued a unique certificate and client specific override on the AWS pfSense router. I can see the tunnel endpoints and UDP traffic is traversing the tunnel. TCP websocket traffic works on the first router, all attempts on the second router fail.

      As a troubleshooting exercise (and to rule out hardware issues) I have switched the configuration files between the two 2440s. The one with the 10.13.30.0/27 CIDR range works. The other, whose CIDR block is 10.13.30.32/27, does not. I have diffed the XML config files for each setup and the only difference is the certs, common name and IP addresses for the CIDRs.

      I can provide a lot more detail if need be, I am just puzzled as to why this isn't working. I firmly believe that I must do something with the configuration of the pfSense virtual router in the AWS environment.

      Have I done something incorrectly?

        FCJay

        We found the solution. The websockets didn't have a route back to the AWS instance after the initial request was made. To solve this we added the appropriate CIDR to IPv4 Remote Networks (Tunnel Settings under the OpenVPN Client).

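The root cause above was a missing return route for one of the two client subnets. The following added example (not the poster's code, and not part of pfSense) shows how to confirm that from a routing table: it parses a constructed FreeBSD-style `netstat -rn` dump, does a longest-prefix match for each client address, and reports whether reply traffic would leave via the tunnel interface or fall through to the default route. The interface names `ovpns1` and `xn0` and the route entries are assumptions made for the sample.

```python
import ipaddress

# Constructed sample of a FreeBSD/pfSense `netstat -rn` IPv4 table on the
# AWS-side router. Only the first client subnet (10.13.30.0/27) has a route
# via the tunnel; 10.13.30.32/27 is absent, mirroring the thread's failure.
SAMPLE_ROUTES = """\
Destination        Gateway            Flags     Netif Expire
default            172.31.0.1         UGS         xn0
10.13.30.0/27      10.8.0.2           UGS      ovpns1
127.0.0.1          link#2             UH          lo0
172.31.0.0/20      link#1             U           xn0
"""


def parse_routes(text):
    """Return a list of (network, gateway, netif) tuples from netstat output."""
    routes = []
    for line in text.splitlines()[1:]:  # skip the header line
        parts = line.split()
        if len(parts) < 4:
            continue
        dest, gateway, _flags, netif = parts[:4]
        if dest == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            # Host entries have no mask and become /32 networks.
            net = ipaddress.ip_network(dest, strict=False)
        routes.append((net, gateway, netif))
    return routes


def lookup(routes, host):
    """Longest-prefix match: the most specific route containing host, or None."""
    addr = ipaddress.ip_address(host)
    best = None
    for net, gateway, netif in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, netif)
    return best


def check_return_path(routes, clients, tunnel_if="ovpns1"):
    """Map each client address to (egress interface, True if it is the tunnel)."""
    report = {}
    for host in clients:
        match = lookup(routes, host)
        netif = match[2] if match else None
        report[host] = (netif, netif == tunnel_if)
    return report
```

A client whose replies egress via the default route instead of the tunnel is exactly the "no route back" symptom described above; the fix is to add that subnet to the remote-network settings on the end that is missing it.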
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.