I have a problem with my pfSense box. I built a pfSense box based on an ALIX APU board. Works perfectly fine. But I have one problem: I just can't get some ports open.
My setup: the pfbox gets its WAN IP through PPPoE from Swisscom (my ISP in Switzerland). pfSense is running 2.2.4.
I created an OpenVPN server on my pfSense, then I wanted to open the port for my OpenVPN server. I did not use the standard port 1194. I used 10337 and some others. When I run an nmap port scan from my notebook, which is connected through my mobile hotspot (so not in the same LAN), I can see my opened port. Strangely, I also see ports 80 and 53, but I did not open those. I thought that nmap was scanning my Swisscom router-thingy, but nmap actually recognized the OS as FreeBSD, so it is scanning the pfbox.
That WAN address isn't a public IP; are you behind another router? If so, you'll need to forward the port on that router or set the pfSense machine as the DMZ.
You need to set up a NAT ALONG with a firewall rule allowing that port in (they'll mimic each other). I couldn't get my Murmur server to work properly until I did this.
Let me know how you get along - I can help you more when I'm at home.
Not in this case, as the VPN server is on the pfSense box; you only need to open the port on WAN.
If you are sure that you are not behind a router and your WAN address is a public IP, then make sure the WAN rule is set as I described, with the destination set to 'WAN address' (not the actual IP, but the option that says WAN address). Then make sure that in your OpenVPN config the interface is set to WAN.
If all that is set correctly, make sure that OpenVPN is actually running and there aren't any errors in the log.
If that's all good, then it should be working. When you test it, have you actually tried connecting to the server, or are you just doing a port scan with nmap?
Thanks for the help! I disabled TLS auth on both client and server. I still get the error. I'll change to another Swisscom router soon. Maybe this will work; hopefully it allows me to bridge it like my current one. Thanks y'all for the help!
So a long time has passed since my last post and lots of things have changed.
I got a new router from my ISP and changed it to bridged mode. I updated my pfSense to the latest 2.2.6 build. I'm still not able to open ANY ports. I have opened lots of different ports and my nmap does not see them. Also, my OpenVPN does not work. The log says TLS authentication failed, the client too. I checked my OpenVPN installation a dozen times and I reinstalled it a few times with new certificates. On the pfSense docs there's a thread about problems with OpenVPN connection failures. All things on this list I'm pretty sure I got right except for one: the defined port must be open. And I can't open any ports.
EDIT: strange thing is I'm able to allow ICMP traffic to the router for pings...
OpenVPN log:
I connected to the VPN from my internal network, but I get the same error when I'm connecting from outside.
Jan 6 20:46:11 openvpn[20565]: 10.10.10.136:51312 TLS Error: TLS handshake failed
Jan 6 20:46:13 openvpn[20565]: 10.10.10.136:51313 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 6 20:46:13 openvpn[20565]: 10.10.10.136:51313 TLS Error: TLS handshake failed
Jan 6 20:46:15 openvpn[20565]: 10.10.10.136:51314 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 6 20:46:15 openvpn[20565]: 10.10.10.136:51314 TLS Error: TLS handshake failed
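As an added example (not posted by anyone in this thread), the following Python script parses OpenVPN server log lines in the syslog-style layout pfSense produces above and separates the two failure kinds the log shows. The distinction matters for triage: "TLS handshake failed" is the generic end-of-attempt message, while "TLS key negotiation failed to occur within 60 seconds" means the server saw the client's first packet but the handshake never completed inside the 60-second hand-window, which usually points at packets being dropped in one direction (firewall, NAT, or a tls-auth key mismatch, which makes OpenVPN silently discard packets) rather than at a certificate problem. The sample input is the log quoted in the post above, reassembled onto one line per entry; the line format the regex assumes is the one shown there.

```python
import re
from collections import Counter, defaultdict

# Sample input: the OpenVPN server log quoted in the thread, one entry per line.
SAMPLE_LOG = """\
Jan 6 20:46:11 openvpn[20565]: 10.10.10.136:51312 TLS Error: TLS handshake failed
Jan 6 20:46:13 openvpn[20565]: 10.10.10.136:51313 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 6 20:46:13 openvpn[20565]: 10.10.10.136:51313 TLS Error: TLS handshake failed
Jan 6 20:46:15 openvpn[20565]: 10.10.10.136:51314 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 6 20:46:15 openvpn[20565]: 10.10.10.136:51314 TLS Error: TLS handshake failed
"""

# Assumed layout: "<Mon> <day> <HH:MM:SS> openvpn[<pid>]: <ip>:<port> <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2})\s+"
    r"openvpn\[(?P<pid>\d+)\]:\s+"
    r"(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<src_port>\d+)\s+"
    r"(?P<msg>.*)$"
)


def parse_openvpn_log(text):
    """Return one dict per parseable log line; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def classify(msg):
    """Map an OpenVPN TLS error message to a coarse failure kind."""
    if "TLS key negotiation failed to occur within" in msg:
        # Handshake started but never completed in the hand-window:
        # typically packets are dropped in at least one direction.
        return "no_tls_reply"
    if "TLS handshake failed" in msg:
        return "handshake_failed"
    if "TLS Error" in msg:
        return "other_tls_error"
    return "other"


def summarize(events):
    """Count failure kinds per client source address."""
    per_source = defaultdict(Counter)
    for ev in events:
        per_source[ev["src_ip"]][classify(ev["msg"])] += 1
    return per_source


def attempt_count(events):
    """Each client retry uses a fresh source port, so distinct ip:port pairs
    approximate the number of connection attempts seen."""
    return len({(ev["src_ip"], ev["src_port"]) for ev in events})


if __name__ == "__main__":
    evs = parse_openvpn_log(SAMPLE_LOG)
    print(f"{len(evs)} log entries, {attempt_count(evs)} connection attempts")
    for ip, counts in summarize(evs).items():
        print(ip, dict(counts))
```

Run against a real pfSense OpenVPN log, a source address that only ever produces `no_tls_reply` entries while others complete normally is a strong hint that the path for that client (or its tls-auth key) is the problem, not the server's certificates.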