Messages

1

Virtual private networks / Re: OpenVPN ignoring Firewall Rules

« on: July 12, 2024, 03:46:19 pm »

My issue ended up being MTU setting, lowering it made everything work.  What led me to finally figure it out was noticing that only tiny ssh packets were making it through, even trying to run 'top' via ssh failed.

You may want to investigate the setting, good luck.

2

Virtual private networks / Re: OpenVPN ignoring Firewall Rules

« on: July 12, 2024, 12:16:30 am »

I'm having a similar issue, it's been driving me crazy.  I'm trying to setup an openvpn roadwarrior server that allows clients to access a single VLAN.  I can send traffic into the VLAN from the clients but traffic coming out gets blocked with a "Default deny / state violation rule", and the rule number being referenced is my final "pass to anywhere" rule.  I check in the FW state table and there is none for my vpn traffic.  There is something weird going on with the fw states for openvpn, I can ssh to a server and do cli stuff via the vpn client but can't load any web pages. 

I've tried about everything I can think of, giving both the VLAN and openvpn interfaces wide open firewall rules, using the CIDR for the VPN network isntead of the built in alias, using legacy openvpn "server" instead of "instances", assigning an interface for the openvpn server and adding the fw rules there, adding NAT even though I shouldn't need it, creating a pass all rule on the loopback interface, probably some other things I've forgotten but it just won't work.