Author Topic: opnsense blocking openvpn [SOLVED]  (Read 5794 times)

cake

opnsense blocking openvpn [SOLVED]
« on: November 27, 2016, 07:29:02 am »
Hello, my setup is very basic. It is also unattended for months at a time. Being back from abroad, I noticed something is blocking openvpn clients on the LAN to server(s) on the Internet. Clients will connect to the VPN on the Internet according to (linux terminal) sudo openvpn --config *.ovpn. I don't think it's a DNS problem, because one of my devices uses dnscrypt, and that also does not work. Looking for an obvious setting before I spend half a day or better blindly trying stuff out.

My configs are correct for openvpn client(s) and server(s); I tested them out on a different network without opnsense in the middle. I'm sure opnsense is blocking it.
« Last Edit: November 28, 2016, 12:20:01 am by cake »

fabian

  • OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: opnsense blocking openvpn
« Reply #1 on: November 27, 2016, 07:59:38 am »
You should be able to see what OPNsense blocks from the firewall log.
Maybe something is wrong with your rules on the OpenVPN interface.

cake

Re: opnsense blocking openvpn
« Reply #2 on: November 27, 2016, 09:36:34 am »
Quote from: fabian on November 27, 2016, 07:59:38 am
You should be able to see what OPNsense blocks from the firewall log.
Maybe something is wrong with your rules on the OpenVPN interface.
Thanks, I like the easy rule: pass traffic button in the log area. I have for troubleshooting on both [rules | firewall] LAN2 and WAN tabs, * * * * allow every port, source and destination. Rebooted, still blocked in the log, and clicking to make blocked connections with easy rule isn't helping.

I get to "Initialization Sequence Completed" in the openvpn status (fully connected), however no traffic; I can only icmp ping the router with opnsense on it, nothing past it. I was hoping for an obvious setting I overlooked. :-) Also I am receiving the push DNS from openvpn server.conf --> PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ifconfig 10.8.0.122 10.8.0.121'

bewildered
from the log-- "The rule that triggered this action is:

@63 pass out log route-to (em0 192.168.101.1) inet from 192.168.101.183 to ! 192.168.101.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
« Last Edit: November 27, 2016, 09:57:42 am by cake »

fabian

Re: opnsense blocking openvpn
« Reply #3 on: November 27, 2016, 11:53:58 am »
Quote from: cake on November 27, 2016, 09:36:34 am
from the log-- "The rule that triggered this action is:

@63 pass out log route-to (em0 192.168.101.1) inet from 192.168.101.183 to ! 192.168.101.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself"

You should look for pass in rules from your OpenVPN Network / Interface. Can you try this rule in the floating tab:
Code:
pass in quick inet from your_openvpn_net/netmask to any
to make sure it is not the firewall blocking your traffic. Don't select any interface on the page so the rule is valid for all interfaces.

Kind regards

Fabian Franz

cake

Re: opnsense blocking openvpn
« Reply #4 on: November 27, 2016, 12:14:58 pm »
Thanks for your help Franz. I have **** in the floating tab of firewall already. It's operator error, since nobody else has any issues.
My VPS log says lzo compression errors, and I set it up to not use lzo and also use the push lzo no directive.
I think my VPS provider is poor; every time they restart it, something gets broken, it seems. lol

EDIT: It was a problem with the openvpn MTU size.
« Last Edit: November 28, 2016, 12:19:39 am by cake »