Configure OpenVPN Again

Hello All
I had OpenVPN running fine, and one day it would no longer connect. I spent a couple of hours researching and trying to come up with a reason why, but got frustrated and deleted the server, all certs and all users, and will start from scratch.

For the purposes of putting together a cheat sheet for future reference, and in the event that I need some help, can someone recommend a source (video, step-by-step instructions, etc.) I can use to configure my setup for use with OpenVPN? I didn't bookmark the one I previously used.

I tried using the Netscape docs, but for some reason they are confusing (my learning disability, probably); I am happy to force myself if this is the best resource.

I am set up with ddns.net, and it is active and can be pinged.

Thanks in advance for any help.

Thank you, I will look this up and keep my fingers crossed.

OK, I have gone through the video and did exactly what Tom did (I think), and I am unable to connect. So, to summarize: I set up the VPN server, I created 2 certs (1 for the server, 1 for the user), I exported the client cert to an iOS device, entered username and password, and the client never connected.

I pasted the system log output FYI; this was captured at the time the iOS client was trying to authenticate/connect. I have also included the various screenshots showing what has been created per the instructions.

.114.11 is the pfSense WAN interface, .200.x is the reserved IP range for VPN clients, and .221.46 is the IP address of the iOS device, assigned by the provider, from which I am doing testing. I have the DDNS service up and running and can ping from the iOS device.

Originally, when set up, I could not see the iOS device IP in the logs, but when I pinged the DDNS address from the iOS device the IP began to appear in the log. This is weird, but it now shows up.

I feel like it is a firewall rule, but from what I can tell the firewall is open on the OpenVPN port and wildcards should allow the traffic to pass. Maybe I have been looking at this too long and I can't see the problem or solution.

My desire is to have the VPN accessible from whatever device I am using at the moment and from whatever location I am at (public Wi-Fi, work Wi-Fi, cellular provider-assigned IP, etc.).

Thanks in advance for your input.

PS: Not sure if this will be viewable, as I had to merge all the JPEGs because the site won't allow me to add more than 1 file, since it says I am a new user, but I have been on here for a while.

Did you use the OpenVPN Client Export utility? Which option? Did you try connecting through a different device, such as a laptop? You will get a connection log file there from the VPN app on your laptop.

Thanks for the follow-up, Dude. Some new developments, so let me update as to where we are. When connected to the local network I can now connect to the VPN, but when I turn off the Wi-Fi and use cellular data I cannot connect, so I am thinking it is a rules issue. But since setting up rules is an area where I am not comfortable, and I do not want to make a change that compromises the network, I could use some input. In answer to your questions: yes, I used the utility; not sure what option you are referring to. I left everything as default and downloaded the iOS/Android configuration, which I imported into the iOS device. I have not yet tried another device, but will at some point try it on my laptop, as that is one of the devices that I want to connect to my VPN.

Do you have outbound NAT rules in place?
The rules on the WAN: perhaps swap them round. Not sure if that will work, but I tend to have "allow what I want" rules followed by "block everything else".

Then check that you have exported the certs correctly for your device; test also with a laptop.

Hi Neogrid, appreciate the reply. I have not manually set up any NAT rules; everything is pretty much as it was when first installing PFS or OpenVPN in that respect. I have included screenshots of the FW rules, which may provide some insight. Apologies for the format; the forum won't allow me to post more than one image per reply, so I have to try and squeeze everything in on one slide. My ultimate objective is to access the network via VPN regardless of device type or IP address (obviously), as long as the SSL/TLS and user authentication match. Let me know if you have any other questions or insight.

PS: When I do use the laptop to test, I am expecting it to not have an issue, as I would be testing using the local network. I could tether it to my iOS hotspot and test as well, but am expecting the same result as the iOS device itself; I will update the outcome when I get to that point.

I've not used the wizard myself; however, you'll need to have a NAT rule for the OpenVPN-to-WAN translation.

OK, I see on Netgate's site they walk through the wizard rather than doing it manually.

Using the laptop is just a check.

Thanks for that. Do you have a resource that explains what that may look like, or can you provide a quick example?


The source is the tunnel IP.

Interesting. I never used the iOS OpenVPN app; I always use my laptop, tethered to my iPhone, and that works well. So today I exported an iOS package, and even though I get a connection, it's painfully slow. Like two minutes to load the pfSense dashboard.

When connected it was quick; I actually seemed to get better speeds when using the VPN over cell than cell itself. I did find the issue preventing the connection, and it is pfBlockerNG. Once disabled, I was able to connect; now I just need to find out how to resolve the connection issue and still allow PFB to run.
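A triage script for the symptom in this thread (packets from the cellular address never reaching OpenVPN, which turned out to be a pfBlockerNG block rule), added here as an example; it is not code from the thread, from pfSense or from pfBlockerNG. It reads pfSense filterlog lines in the CSV layout Netgate documents (rule number, sub-rule, anchor, tracker ID, interface, reason, action, direction, IP version, then the IPv4 header fields, length, source, destination and ports) and prints every source address that was blocked inbound on the OpenVPN port together with the tracker ID of the rule that blocked it. The log lines are constructed: 198.51.100.11 stands in for the thread's .114.11 WAN address, 203.0.113.46 for the .221.46 cellular client, and the tracker IDs are made up.

```shell
#!/bin/sh
# Added example (not from the thread or pfSense): find inbound packets that
# pfSense blocked on the OpenVPN port, and which rule (tracker ID) blocked them.
#
# pfSense filterlog CSV layout (IPv4, UDP/TCP) as documented by Netgate:
#  1 rule-number  2 sub-rule  3 anchor  4 tracker-id  5 interface  6 reason
#  7 action  8 direction  9 ip-version  10 tos  11 ecn  12 ttl  13 id
# 14 offset  15 flags  16 proto-id  17 proto-text  18 length  19 src  20 dst
# 21 src-port  22 dst-port  ...
#
# Constructed sample lines. 198.51.100.11 stands in for the thread's .114.11
# WAN address, 203.0.113.46 for the .221.46 cellular client; tracker IDs are
# made up. The syslog prefix is the BSD-style format; the sed below strips it
# and would need adjusting if the box logs in RFC 5424 format.
SAMPLE_LOG='Mar  3 10:01:12 pfSense filterlog[43210]: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,0,0,DF,17,udp,60,203.0.113.46,198.51.100.11,52301,1194,40
Mar  3 10:01:13 pfSense filterlog[43210]: 70,,,1770009921,igb0,match,block,in,4,0x0,,58,0,0,none,17,udp,60,203.0.113.46,198.51.100.11,52301,1194,40
Mar  3 10:01:14 pfSense filterlog[43210]: 92,,,1601234567,igb0,match,pass,in,4,0x0,,64,0,0,DF,17,udp,60,192.0.2.77,198.51.100.11,40000,1194,40
Mar  3 10:01:15 pfSense filterlog[43210]: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,203.0.113.46,198.51.100.11,52302,443,0,S,1,,65535,,mss
Mar  3 10:01:16 pfSense filterlog[43210]: 5,,,1000000103,igb0,match,block,out,4,0x0,,64,0,0,DF,17,udp,60,198.51.100.11,203.0.113.46,1194,52301,40'

# blocked_vpn_sources PORT [FILE]
# Prints "source-address tracker-id", one per line, for every IPv4 TCP/UDP
# packet blocked inbound to PORT. Reads FILE if given, else the sample above.
blocked_vpn_sources() {
    port=$1
    if [ -n "$2" ]; then
        input=$(cat "$2")
    else
        input=$SAMPLE_LOG
    fi
    printf '%s\n' "$input" \
        | sed -n 's/.*filterlog\[[0-9]*\]: //p' \
        | awk -F, -v port="$port" '
            # Ports sit in field 22 only for IPv4 tcp/udp records; IPv6
            # records have a different header layout and are skipped here.
            $9 == "4" && ($17 == "udp" || $17 == "tcp") &&
            $7 == "block" && $8 == "in" && $22 == port { print $19, $4 }' \
        | sort -u
}

# blocked_trackers PORT [FILE]
# Just the distinct tracker IDs, ready to be looked up against the rule set.
blocked_trackers() {
    blocked_vpn_sources "$1" "$2" | awk '{ print $2 }' | sort -u
}

blocked_vpn_sources 1194
```

On the firewall itself, feed it the real log (`blocked_vpn_sources 1194 /var/log/filter.log`; older releases keep a circular log that needs `clog` to read). A tracker ID is what the Status > System Logs > Firewall view uses to name the rule that matched, so if the tracker belongs to one of pfBlockerNG's auto rules, the client's public address is on one of its lists, and the answer is an explicit pass rule ahead of it or a whitelist entry for that address range, rather than disabling the package.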

Yes, the wizard takes care of all firewall rules, so that could come as a surprise if you're used to creating VPNs manually.

Maybe my phone needs a different MTU or other settings to run the VPN connection smoothly. May need to dive in a little deeper there.

@rjp01 I'm glad you found the cause of your issue. I'm thinking about how pfB could interfere here. It would help to know how you set it up and which block lists you are using.

Yeah, it's exciting when you stumble across a solution, but I am not sure I am out of the woods yet. I may have found a vaccine, but still don't know if the results are permanent or if I need to find a cure.