OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 22.7 Legacy Series »
  • Weird issue with OPNVPN when not on the 1994 port, and Log Live View
« previous next »
  • Print
Pages: [1]

Author Topic: Weird issue with OPNVPN when not on the 1994 port, and Log Live View  (Read 813 times)

mimizone

  • Newbie
  • *
  • Posts: 23
  • Karma: 1
    • View Profile
Weird issue with OPNVPN when not on the 1994 port, and Log Live View
« on: September 24, 2022, 09:35:50 am »
Hello,
I've used OPNSense (and before that pfsense) for many years and have setup multiple OPNVPN servers in the past without problems.
I have installed the latest stable version recently at my new work to support 20 people or so on the network.

While configuring OPNVPN tonight I ran into a weird issue.
My WAN has a main IP, and an Alias IP. My VPN will run on that Alias.

One VPN is on the standard port 1994. One is on another port (1995, 1996 or 1999).
Similar Firewall rules for both on the WAN interface, just the ports differ.

I saw 2 issues tonight:

First one:
- the one on 1994 works perfectly.
- the one on the other port (I tried 1995,1996,1999 just cause I really don't know what's going on) doesn't work.

I see that the firewall blocks the traffic by looking at the Log Live View. It says "Default deny / state violation rule", which is coming from the rule in the Floating section I assume?
But I tried many different crazily permissive Firewall rules on those 3 ports, same protocol, Interface IP etc... I recreated the VPNs multiple times from zero and the firewall rules. So either I am very good at redoing the same mistake over and over again :) or there is something I don't see somewhere. Any clue where to look? It doesn't seem to be a problem with the VPN configuration per se, cause the traffic is completely blocked before it hits it. Only way to make it work if I recall, was to allow all ports on the WAN interface IPs. I tried the same setup on the primary IP of the WAN interface, same problem.

Second issue :
is in the Live View (maybe related to my problem above?).
When I was filtering the logs using dst_port is "1995" (1996 or 1999), protoname is udp,  no lines were showing up. But without the filter I could see those red lines among the traffic. If I use another port number, I can see the conresponding traffic (the 1994, or any other ports). The filtering problem was always with the lines with port of the problematic VPN. Very helpful to me to debug as if can imagine :)

So I don't know what kind of bugs I ran into tonight but I need a break now...
Any insight on where to look to understand what can be wrong here? most probably my setup.  ???
I need to sleep on this :D


Logged

mimizone

  • Newbie
  • *
  • Posts: 23
  • Karma: 1
    • View Profile
Re: Weird issue with OPNVPN when not on the 1994 port, and Log Live View
« Reply #1 on: September 24, 2022, 08:44:29 pm »
It was clearly just a case of me needing new glasses, sleep and food....
 ::)  :P  :-[  :-\  :o

Got everything working as expected!
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 22.7 Legacy Series »
  • Weird issue with OPNVPN when not on the 1994 port, and Log Live View
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2