OpenVPN w/Websockets - router not allowing web socket traffic



  • Hardware: two SG-2440s running 2.2.6
    Remote endpoint: AWS Instance with pfSense Virtual router

    You should know: I am not a network guy, I am a software engineer charged with getting this to work.

    I have two SG-2440s set up. The application at the 2440 side attempts to establish a websocket connection to the AWS instance through the VPN tunnel.

    One of the 2440s works, the other does not. Each has a separate CIDR range and each has been issued a unique certificate and client-specific override on the AWS pfSense router. I can see the tunnel endpoints and UDP traffic is traversing the tunnel. TCP websocket traffic works on the first router; all attempts on the second router fail.

    As a troubleshooting exercise (and to rule out hardware issues) I have switched the configuration files between the two 2440s. The one with the 10.13.30.0/27 CIDR range works. The other, whose CIDR block is 10.13.30.32/27, does not. I have diffed the XML config files for each setup and the only difference is the certs, common name and IP addresses for the CIDRs.

    I can provide a lot more detail if need be, I am just puzzled as to why this isn't working. I firmly believe that I must do something with the configuration of the pfSense virtual router in the AWS environment.

    Have I done something incorrectly?



  • We found the solution. The websockets didn't have a route back to the AWS instance after the initial request was made. To solve this we added the appropriate CIDR to IPv4 Remote Networks (Tunnel Settings under the OpenVPN Client).
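The fix above comes down to a routing-table change: without an entry for the AWS-side network, the 2440's longest-prefix match sends packets for that network out the default route (the WAN) instead of into the tunnel, so the websocket's TCP traffic never reaches the peer. The following is an added illustration, not code from the thread or from pfSense: it models a simplified routing table before and after the IPv4 Remote Networks entry and shows which interface a packet to the AWS instance would leave on. The interface names igb0/igb1/ovpnc1, the tunnel subnet 10.8.0.0/24, the AWS-side range 172.31.0.0/16 and the host 172.31.5.10 are assumptions chosen for the example; only the LAN CIDR 10.13.30.32/27 comes from the post. The `route` directive it prints is what an IPv4 Remote Networks entry roughly corresponds to in a plain OpenVPN client config.

```python
import ipaddress

# Constructed example (not from the original thread): a simplified view of the
# SG-2440's routing table. Interface names, the tunnel subnet and the AWS-side
# network are assumptions; only the LAN CIDR 10.13.30.32/27 comes from the post.
WAN_IF, LAN_IF, TUN_IF = "igb0", "igb1", "ovpnc1"
LAN_CIDR = "10.13.30.32/27"
TUNNEL_CIDR = "10.8.0.0/24"      # assumed OpenVPN tunnel network
AWS_CIDR = "172.31.0.0/16"       # assumed VPC range behind the AWS pfSense peer

# (destination network, egress interface) pairs. Order does not matter: lookup
# uses longest-prefix match, as a real kernel routing table does.
ROUTES_BEFORE = [
    ("0.0.0.0/0", WAN_IF),       # default route out the WAN
    (LAN_CIDR, LAN_IF),          # directly connected LAN
    (TUNNEL_CIDR, TUN_IF),       # tunnel endpoints only; no route to the remote LAN
]


def egress_interface(routes, dst):
    """Return the interface a packet to dst leaves on (longest-prefix match)."""
    ip = ipaddress.ip_address(dst)
    best_net, best_if = None, None
    for net_str, iface in routes:
        net = ipaddress.ip_network(net_str)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_if = net, iface
    return best_if


def remote_network_directive(cidr):
    """The OpenVPN 'route' line an IPv4 Remote Networks entry roughly corresponds to."""
    net = ipaddress.ip_network(cidr)
    return f"route {net.network_address} {net.netmask}"


def add_remote_network(routes, cidr, tun_if=TUN_IF):
    """Model the effect of listing cidr under IPv4 Remote Networks on the client."""
    return routes + [(cidr, tun_if)]


ROUTES_AFTER = add_remote_network(ROUTES_BEFORE, AWS_CIDR)

if __name__ == "__main__":
    aws_host = "172.31.5.10"   # assumed address of the AWS instance
    # Before: the packet follows the default route out the WAN and never
    # reaches the peer. After: it goes into the tunnel as intended.
    print("before:", egress_interface(ROUTES_BEFORE, aws_host))
    print("after: ", egress_interface(ROUTES_AFTER, aws_host))
    print(remote_network_directive(AWS_CIDR))
```

A quick way to confirm the same thing on the box itself is to check the routing table for an entry covering the remote network that points at the ovpnc interface; if the only match is the default route, the tunnel is up but the traffic is not using it.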