SumRndmDude

While I'm sure this is a configuration issue or at least restricted to pfSense, I want to present my scenario for input. I have my pfSense router (2.4.5) set up for multiple connections to AirVPN and those connections are configured as a gateway group. The router has a single VLAN to send traffic through Air's servers and a single VLAN for a guest network that goes through the clearnet. The setup works beautifully.

I want to set up an OpenVPN server on the same pfSense router to allow remote access to my network when needed. I actually have done this and thus have an OpenVPN server and 3 clients running simultaneously on the router with no issues, except 1. I actually didn't even catch this issue until troubleshooting something else.

Port forwarding through the Air tunnels no longer functions properly. My services that require the ports I've opened on Air's end are no longer reachable. The moment I shut the server down and remove it, everything functions fine again. Creation of the server only creates a single firewall rule and that's to allow incoming traffic on that connection, via the WAN. I see no other rules that would pre-empt my local port forwards.

Stressing again before it is pointed out that I'm sure it's nothing on Air's end, but as the server is a slight need, but my connections to Air are a must, I figured this might be a good place for input or feedback.

SumRndmDude

Nothing is more frustrating or satisfying simultaneously than answering your own questions. Apologies for another thread clogging up the forums unnecessarily, but I had been at this for a while and saw no mention of the issue.

Turns out that pfSense's OpenVPN wizard for creating a server puts the allow inbound traffic firewall rule on the main OpenVPN tab, rather than the actual newly created server's LAN. So it was hijacking all traffic on any interface or LAN using OpenVPN, including my Air connections. As many times as I had plugged away at this issue, I only just now realized it did that. Moving it over to the actual server's LAN resolved it.

FWIW, I appreciate the reply to at least say you had read my question.
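
An added example, not part of the original posts: a Python check that reads a pfSense `config.xml` backup and lists enabled pass rules sitting on the shared OpenVPN tab, together with the assigned tunnel interfaces such a rule applies to. The sample config, interface descriptions, addresses and ports are constructed, and the element layout (`<interfaces>`, `<filter><rule>`, group name `openvpn`) is an assumption about the backup format.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the elements this check reads.
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan><if>em0</if><descr>WAN</descr></wan>
    <opt1><if>ovpnc1</if><descr>AIRVPN_1</descr></opt1>
    <opt2><if>ovpnc2</if><descr>AIRVPN_2</descr></opt2>
    <opt3><if>ovpns4</if><descr>REMOTE_ACCESS</descr></opt3>
  </interfaces>
  <filter>
    <rule><type>pass</type><interface>wan</interface><protocol>udp</protocol>
      <source><any/></source>
      <destination><network>wanip</network><port>1194</port></destination>
      <descr>OpenVPN server inbound</descr></rule>
    <rule><type>pass</type><interface>openvpn</interface>
      <source><any/></source><destination><any/></destination>
      <descr>Wizard allow-all</descr></rule>
    <rule><type>pass</type><interface>opt1</interface><protocol>tcp</protocol>
      <source><any/></source>
      <destination><address>192.168.10.5</address><port>32400</port></destination>
      <descr>Forwarded port via AIRVPN_1</descr></rule>
  </filter>
</pfsense>"""

def audit_openvpn_group_rules(config_xml):
    """Return enabled pass rules placed on the shared OpenVPN tab."""
    root = ET.fromstring(config_xml)
    # Assigned interfaces backed by an OpenVPN client (ovpnc*) or server (ovpns*).
    tunnels = {i.tag: i.findtext("descr", i.tag)
               for i in root.findall("./interfaces/*")
               if (i.findtext("if") or "").startswith("ovpn")}
    findings = []
    for rule in root.findall("./filter/rule"):
        if rule.find("disabled") is not None or rule.findtext("type") != "pass":
            continue
        # A rule may list several interfaces separated by commas.
        if "openvpn" in (rule.findtext("interface") or "").split(","):
            findings.append({
                "descr": rule.findtext("descr", ""),
                "any_source": rule.find("./source/any") is not None,
                "applies_to": sorted(tunnels.values()),
            })
    return findings

if __name__ == "__main__":
    for f in audit_openvpn_group_rules(SAMPLE_CONFIG):
        print(f"{f['descr']!r} on OpenVPN tab; applies to {f['applies_to']}")
```

Any rule it reports is a candidate for moving to the specific server's interface tab, as the second post did.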