
While I'm sure this is a configuration issue or at least restricted to pfSense, I want to present my scenario for input. I have my pfSense router (2.4.5) set up for multiple connections to AirVPN and those connections are configured as a gateway group. The router has a single VLAN to send traffic through Air's servers and a single VLAN for a guest network that goes through the clearnet. The setup works beautifully. I want to set up an OpenVPN server on the same pfSense router to allow remote access to my network when needed. I actually have done this and thus have an OpenVPN server and 3 clients running simultaneously on the router with no issues, except 1. I actually didn't even catch this issue until troubleshooting something else. Port forwarding through the Air tunnels no longer functions properly. My services that require the ports I've opened on Air's end are no longer reachable. The moment I shut the server down and remove it, everything functions again fine.

Creation of the server only creates a single firewall rule and that's to allow incoming traffic on that connection, via the WAN. I see no other rules that would pre-empt my local port forwards. Stressing again before it is pointed out that I'm sure it's nothing on Air's end, but as the server is a slight need, but my connections to Air are a must, I figured this might be a good place for input or feedback.


Nothing is more frustrating or satisfying simultaneously than answering your own questions. Apologies for another thread clogging up the forums unnecessarily, but I had been at this for a while and saw no mention of the issue. Turns out that pfSense's OpenVPN wizard for creating a server puts the allow inbound traffic firewall rule on the main OpenVPN tab, rather than the actual newly created server's LAN. So it was hijacking all traffic on any interface or LAN using OpenVPN, including my Air connections. As many times as I had plugged away at this issue, I only just now realized it did that. Moving it over to the actual server's LAN resolved it.

FWIW, I appreciate the reply to at least say you had read my question.

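A way to check a pfSense configuration backup for the situation described in the post above, where a pass rule sits on the shared OpenVPN tab and therefore applies to every OpenVPN interface. This is an added example, not part of the original posts; it assumes the usual `config.xml` layout (`filter/rule` elements with `type`, `interface`, `disabled` and `descr` children), and the sample config, the interface name `opt3` and the rule descriptions are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a pfSense config.xml backup (not from the post).
SAMPLE_CONFIG = """<pfsense>
  <filter>
    <rule>
      <type>pass</type>
      <interface>openvpn</interface>
      <source><any/></source>
      <destination><any/></destination>
      <descr>OpenVPN wizard</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>opt3</interface>
      <source><any/></source>
      <destination><any/></destination>
      <descr>Remote access server</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>openvpn</interface>
      <disabled/>
      <source><any/></source>
      <destination><any/></destination>
      <descr>old test rule</descr>
    </rule>
  </filter>
</pfsense>"""

def group_tab_pass_rules(config_xml, group="openvpn"):
    """Return descriptions of enabled pass rules bound to the OpenVPN group tab."""
    root = ET.fromstring(config_xml)
    hits = []
    for rule in root.findall("./filter/rule"):
        # Floating rules may list several interfaces separated by commas.
        ifaces = (rule.findtext("interface") or "").split(",")
        if group not in ifaces:
            continue  # rule lives on an assigned interface tab (e.g. opt3)
        if rule.find("disabled") is not None or rule.findtext("type") != "pass":
            continue
        hits.append(rule.findtext("descr") or "(no description)")
    return hits

if __name__ == "__main__":
    for descr in group_tab_pass_rules(SAMPLE_CONFIG):
        print("pass rule on OpenVPN group tab:", descr)
```

Any rule it reports is a candidate for moving to the tab of the specific assigned OpenVPN server interface, as the poster did.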
