OPNsense Forum

Archive => 22.7 Legacy Series => Topic started by: lebernd on December 12, 2022, 10:31:29 am

Title: Default deny / state violation rule hits openvpn
Post by: lebernd on December 12, 2022, 10:31:29 am
Hi @all,

I'm running into a default deny issue on my OpenVPN servers that I cannot debug.

I changed the hardware yesterday and imported the last config (changed the interface names by find and replace from igb to the detected igc). Everything is working as expected: IPsec, WireGuard, HAProxy etc. Only my OpenVPN servers on WAN are no longer reachable for their endpoints.
The firewall rule on WAN is running, expecting to pass traffic. But it won't hit the connection as before. Why?

I am really not sure if this hardware change even has anything to do with it. But the timely connection is there.

Best, thank you for helping out,
Bernd

Title: Re: Default deny / state violation rule hits openvpn
Post by: lebernd on December 12, 2022, 07:17:57 pm
As it is no longer a problem, I cannot reproduce it...

The "solution" was in some changes to the firewall rule:
- The alias for the internet host was saved as URL(IPs). Changing this to Host(s) did the trick, I think.
- But I also changed the Destination in the rule from WAN address to any.

Anyway, OpenVPN comes up and now I cannot revert this. In a strange way. Even a reimport of the config file I used after the installer isn't reproducing the issue.

So long, thanks for reading,
Bernd