I'm trying to connect an OpenVPN Client (on pfSense) to an external OpenVPN Server (also on pfSense) through a Sonicwall!
The client is configured to use 172.16.2.0/24 as the IPv4 Tunnel Network
The Internal network on the OpenVPN Server site is 10.102.10.0/24
The Internal network on the OpenVPN Client site is 192.168.1.0/24
The OpenVPN Server accepts connections from another site that I configured for testing, but there is no Sonicwall in the way there, and everything works there as expected.
The problem is that when the OpenVPN Client attempts to connect, the connection never gets established, and I don't know enough about Sonicwall to go messing around too much!!
Sonicwall has the following Rules/NAT:

Sonicwall Rules:
Name: OVPN-OUT
From: LAN
To: WAN
Source: LAN Subnets
Destin: Any
Service: OpenVPN-1195
Action: Allow

Name: OVPN-IN
From: WAN
To: LAN
Source: Any
Destin: Internal_pfSense
Service: OpenVPN-1195
Action: Allow

NAT Policy:
Name: OVPN
Source Original: Any
Source Translated: Original
Destination Original: WAN Interface IP
Destination Translated: Internal_pfSense
Service Original: OpenVPN-1195
Service Translated: Original

The log entries from pfSense are as follows:
openvpn 33905 /usr/local/sbin/ovpn-linkdown ovpnc2 1500 1572 172.16.2.2 172.16.2.1 init
openvpn 33905 SIGTERM[hard,] received, process exiting
openvpn 91530 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
openvpn 91530 openVPN 2.5.4 amd64-portbld-freebsd12.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jan 12 2022
openvpn 91530 library versions: OpenSSL 1.1.1l-freebsd 24 Aug 2021, LZO 2.10
openvpn 91658 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
openvpn 91658 TUN/TAP device ovpnc2 exists previously, keep at program end
openvpn 91658 TUN/TAP device /dev/tun2 opened
openvpn 91658 TCP/UDP: Preserving recently used remote address: [AF_INET]XX.XX.XX.XX:1195
openvpn 91658 UDPv4 link local (bound): [AF_INET]89.100.202.218:1195
openvpn 91658 UDPv4 link remote: [AF_INET]XX.XX.XX.XX:1195
openvpn 91658 /sbin/ifconfig ovpnc2 172.16.2.2 172.16.2.1 mtu 1500 netmask 255.255.255.255 up
openvpn 91658 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1572 172.16.2.2 172.16.2.1 init
Cheers