
I have an OpenVPN server on pfSense with a public IP address. Through it, I will grant access to a local network. So far, I can connect an iOS device with OpenVPN Connect to my OpenVPN server.

In Safari, I can enter the private address of my pfSense machine, and see the login page of the web configurator. However, on the same private network there is an Apache2 server which I can access if I am directly connected to the local network, but I cannot see the webpage if I use my iOS device through the VPN.

Currently, the pfSense Firewall rule (on top of all other rules) that I set to attempt to grant full access to a VPN client is this:

Firewall/Rules/OpenVPN

Protocol: IPv4 TCP
Source: *
Port: *
Destination: *
Port: *
Gateway: *

I know this is not a safe rule, but I just wanted to try to see if it allowed me to reach my Apache web server. However, it didn't.

What is the appropriate rule to achieve this purpose?

I will appreciate any help you can provide.

UPDATE 1

I have tried the following rule edits, but none has worked:

Having Protocol: IPv4 TCP and Gateway: *

Source: LAN net
Port: *
Destination: *
Port: * 

Source: *
Port: *
Destination: LAN net
Port: * 

Source: Local network
Port: *
Destination: *
Port: * 

Source: OpenVPN server local IP
Port: *
Destination: *
Port: * 

Source: Tunnel Network (doesn't overlap with local network)
Port: *
Destination: *
Port: * 

Protocol: IPv4 * 
Source: Tunnel Network (doesn't overlap with local network)
Port: *
Destination: *
Port: * 

UPDATE 2

I have not created the OPT1 interface. Perhaps this is something I should do.

UPDATE 3

Among other things that I have tried that didn't work:

- Changed the OpenVPN protocol from TCP to UDP
- Switched from tun mode to tap mode
- Added a static route (which I read is not recommended)

UPDATE 4

Added a Firewall/NAT/Port Forward like this:

Interface: WAN
Protocol: TCP/UDP
Source address: *
Source ports: 443, 993, 1194
Dest. address: *
Dest. ports: 443, 993, 1194
NAT IP: OpenVPN server local IP address
NAT ports: 443, 993, 1194

In an attempt to fix the problem as suggested in this web page: https://openvpn.net/index.php/open-source/faq/79-client/253-tls-error-tls-key-negotiation-failed-to-occur-within-60-seconds-check-your-network-connectivity.html

David
  • If the allow all from everywhere to everywhere wasn't enough to make it work, have you considered the problem might be somewhere else than the firewall? – Esa Jokinen Jun 11 '17 at 12:31
  • Hi @EsaJokinen, I just read this source (https://forum.pfsense.org/index.php?topic=72902.0) and realized I had not created the OPT1 interface. Do you think this had to do with it? – David Jun 11 '17 at 12:36
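Esa Jokinen's comment makes the key point: an any-to-any pass rule that still fails means the packets are probably not reaching the firewall rule at all. The script below is an added diagnostic example, not code from the question, from pfSense or from OpenVPN. It checks the three things that most often explain "I can reach pfSense but not a LAN host over the VPN": the tunnel network overlapping the LAN, the LAN route not being pushed to clients (in pfSense this is the OpenVPN server's "IPv4 Local network(s)" field), and whether a TCP SYN to the web server times out (dropped somewhere: routing, pfSense filter, or a host firewall on the Apache box) or is refused (the host answers, so the path works and Apache itself is the problem). All network values below are constructed samples; the `probe` parameter lets the triage run offline.

```python
"""Triage for: VPN client reaches the firewall but not a host behind it.

Added example (not from the question or from pfSense). Assumed inputs:
the OpenVPN tunnel network, the LAN network, the networks pushed to
clients (pfSense: OpenVPN server "IPv4 Local network(s)"), and the
target web server. All sample values are constructed.
"""
import ipaddress
import socket

# Human-readable explanation for each finding code the triage can return.
EXPLANATIONS = {
    "overlap": "tunnel network overlaps the LAN; client routes become ambiguous",
    "no_route": "no pushed route covers the target; the client never sends the "
                "traffic into the tunnel, so no pfSense rule can pass it",
    "filtered": "TCP SYN gets no reply; traffic is dropped in transit "
                "(routing, pfSense filter, or a host firewall on the server)",
    "refused": "host answers with RST; the path works, nothing listens on that port",
}


def networks_overlap(tunnel_net: str, lan_net: str) -> bool:
    """True if the tunnel network and the LAN share any address."""
    return ipaddress.ip_network(tunnel_net, strict=False).overlaps(
        ipaddress.ip_network(lan_net, strict=False))


def route_is_pushed(pushed_networks, host: str) -> bool:
    """True if at least one pushed network contains the target host."""
    target = ipaddress.ip_address(host)
    return any(target in ipaddress.ip_network(n, strict=False)
               for n in pushed_networks)


def tcp_probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Attempt a TCP handshake and classify the outcome.

    'open'    -> handshake completed
    'refused' -> RST received: host reachable, port closed
    'timeout' -> no answer: packets dropped or never routed
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError as exc:
        return f"error:{exc.errno}"


def triage(tunnel_net, lan_net, pushed_networks, host, port, probe=tcp_probe):
    """Return the list of finding codes for this VPN-to-LAN setup."""
    findings = []
    if networks_overlap(tunnel_net, lan_net):
        findings.append("overlap")
    if not route_is_pushed(pushed_networks, host):
        findings.append("no_route")
    status = probe(host, port)
    if status == "timeout":
        findings.append("filtered")
    elif status == "refused":
        findings.append("refused")
    return findings


def local_listener_roundtrip() -> str:
    """Self-check of tcp_probe against a loopback listener (expects 'open')."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    try:
        return tcp_probe("127.0.0.1", srv.getsockname()[1])
    finally:
        srv.close()


if __name__ == "__main__":
    # Constructed scenario: LAN route not pushed, SYN dropped (stubbed probe).
    codes = triage("10.8.0.0/24", "192.168.1.0/24", [], "192.168.1.10", 80,
                   probe=lambda h, p: "timeout")
    for code in codes:
        print(f"{code}: {EXPLANATIONS[code]}")
```

In the question's setup the most useful distinction is the last one: if a client-side probe of the Apache box times out while the pfSense GUI loads, the rule set is not what is dropping the traffic, and the pushed routes and the server's own host firewall are the next places to look.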

0 Answers