General Discussion / Cannot get response from OpenVPN server
« on: July 11, 2020, 10:15:01 pm »
Since migrating to my new firewall where most things have restored nicely and other things needed tweaking e.g. installing missing plug-ins, one thing I cannot get to work any more is OpenVPN. The service simply does not respond to any connections and it seems to be ignoring the firewall rule.
I've tried at least 5 times to reconfigure OpenVPN from scratch and nothing seems to help. According to the rules.debug file the rule is there and appears to be correct. The only thing I do after it is generated is to move it above my catch-all rule as I have done with the numerous other service rules, but it's still ignored. This is the rule with the one that follows it:
pass in log quick on pppoe0 reply-to ( pppoe0 nnn.nnn.nnn.1 ) inet proto udp from {any} to {(pppoe0)} port {1194} keep state label "b421bf32c395b0dd6fee90d8e986dfd7" # : OpenVPN MyDomain VPN wizard
pass in log quick on pppoe0 reply-to ( pppoe0 nnn.nnn.nnn.1 ) inet from {any} to $HIBBERT label "0cc733839caa3b3bfdfb4a76bd530780" # : Divert to Honeypot
Attached screenshot is the logged information when the second rule actions the connection and of course does not respond.
I have also tried creating the rule manually, setting the OpenVPN rule to "any" interface and also to one of the others with no effect.
Any ideas?
OPNsense 20.1.8_1-amd64
FreeBSD 11.2-RELEASE-p20-HBSD
LibreSSL 3.0.2