OpenVPN vs Wireguard don't give me the same results (2024)

Hello everyone,

I've searched the forum, but I haven't found the "same problem" (my English isn't good, so I can't say that there isn't already a topic on "my" problem.

Here's my "problem" and, above all, my question about how to get everything to work the same way.

I have a "home automation" application on my phone (Android). If I launch it with Wireguard running -> everything works.

If I launch it with OpenVPN running -> the same app doesn't work.
For the record, I can connect with either OpenVPN or Wireguard, and I can access the GUI of my Pfsense without any problem.

I really don't understand why OpenVPN can't work like Wireguard. As I have a Netgate 8200, I prefer to use OpenVPN, which is well supported on Netgate devices, with the added benefit of DCO.

Would you have any ideas where I could look for the source of my problem?
Thanks for all your ideas and advice.

I started with two "no-name" pfsense, one for use at home and the other as a backup in case of problems (which can happen when you're new to pfsense).
... And now I'm living with a Netgate 8200
... And sorry for my bad English...

@SwissSteph said in OpenVPN vs Wireguard don't give me the same results:

I have a "home automation" application on my phone (Android). If I launch it with Wireguard running -> everything works.

If I launch it with OpenVPN running -> the same app doesn't work.
For the record, I can connect with either OpenVPN or Wireguard, and I can access the GUI of my Pfsense without any problem

This is not really much information.

Which client do you use to connect?

Do you access the HA with the IP or with host name?

How did you configure the OpenVPN server? Did you use the wizard?
Did you add the local network in the OpenVPN server settings?
Best to show all settings.

@viragomann

Sorry for the shortcomings.

In my test example, I use "OpenVPN Connect" and "WireGuard" APPS on my Android phone to connect my VPN tunnels.

I have the impression that the problem could be in the rules on my Pfsense, but I'm at a loss to know where to look in order to test and see, by elimination, the source of the problem.

I started with two "no-name" pfsense, one for use at home and the other as a backup in case of problems (which can happen when you're new to pfsense).
... And now I'm living with a Netgate 8200
... And sorry for my bad English...

@Jarhead
Sorry.

My "Home Automation" application manages to connect and therefore work when I am with my Wireguard VPN and does not work when I am with my OpenVPN VPN (I have the DCO function set up) the message (from the APPS) is "unable to connect".

Don't hesitate to ask me for details that might help pinpoint the problem, again I have no idea how to isolate each element to get to the source of the problem.

I'm already very happy to have succeeded in installing two VPNs (OpenVPN and Wireguard) which work very well, except in certain situations including this application.

According to my "understanding" with a VPN, the application "believes" that I'm actually at home (Wireguard) and the other one doesn't (OpenVPN).

I started with two "no-name" pfsense, one for use at home and the other as a backup in case of problems (which can happen when you're new to pfsense).
... And now I'm living with a Netgate 8200
... And sorry for my bad English...

@SwissSteph Post screenshots of your firewall rules. That would be the first, obvious, choice.
Also post your openvpn config shots.

When connected by openvpn, can you get anywhere? Acess the pfSense gui for instance?

@Jarhead

From my phone I can access the Pfsense graphical interface.

I think I can access the other interfaces, but I'm not sure I can say for sure.

Here are a few captures, thanks for your help

I started with two "no-name" pfsense, one for use at home and the other as a backup in case of problems (which can happen when you're new to pfsense).
... And now I'm living with a Netgate 8200
... And sorry for my bad English...

@SwissSteph Looks like you added an interface for OpenVPN (OpenVPN_VPN), you will need to add rules there too. I believe the OpenVPN group interface takes precedence, then the added interface. Gonna find the doc now.

https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/assign.html

"Note

Rules on assigned interface tabs are processed after rules on the OpenVPN tab. To match the rules on an assigned VPN tab, the traffic must not match any rules on the OpenVPN tab. Remove any “Allow All” or “Block all” style rules from the OpenVPN tab and craft more specific rules instead."

Or, since you have no rules on it, just delete the interface.

@Jarhead
I have the same style of configuration for the "Wireguard" tab where there are rules put in and the "Wireguard_VPN" tab where I also have no rules in it.

From memory, I had to create it this way because something wasn't working ... but now I can't remember what exactly.

EDIT:
I deleted "OpenVPN_VPN" but no better, my problem is still there ... fortunately the "Boot Environments" exist, I was able to go back to my original situation without any problem (so back with "OpenVPN_VPN")

EDIT 2:

I may have found the source of my problems and if so, I'll have to do some more tests soon, I'm ashamed ... my problem would rather be in the firewall of my Android phone.

If that's the case, I apologize for my request and thank you so much for all the advice you've given me!

I started with two "no-name" pfsense, one for use at home and the other as a backup in case of problems (which can happen when you're new to pfsense).
... And now I'm living with a Netgate 8200
... And sorry for my bad English...