Netgate Discussion Forum

    Problems with blocked TUNx

      sullrich

      This doesn't make much sense since the rules are present.

      Try clicking on the red x to the left of the block item and let pfSense tell you which rule is blocking the traffic and report back.

      Also try this from a shell:

      pfctl -sr | grep tun

        sh_man

        The block is the default block all rule.

        I think that there should be a rule like this:-

        pass out quick on tun1 all keep state label "let out anything from firewall host itself openvpn"

        but it does not appear to have been created - it wasn't in the post 'cos it wasn't in the rules.debug file or when I ran the command line.

          sullrich

          Try this after a reboot from a shell:

          /etc/rc.filter_configure_sync

          Then check to see if the rule is loaded.

            sh_man

            Tried that and everything appears to be the same - the tun2 has an in and out rule but the tun1 only has an in rule

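The check discussed in this thread (a tun interface that has a pass in rule but no matching pass out rule), as an added example that is not from the original posts or from pfSense: a POSIX sh helper that reads `pfctl -sr` output and reports which directions have a pass rule on each tunN interface. The function names and the sample ruleset are constructed for illustration; only the "let out anything..." label is taken from the thread.

```shell
#!/bin/sh
# Added example (not pfSense code): per-tun-interface pass-rule coverage.
# Reads `pfctl -sr` text on stdin. Interfaces with no pass rule at all are
# not listed, because they never appear in an "on tunN" pass rule.

tun_rule_coverage() {
    awk '
    $1 == "pass" {
        dir = "both"; ifname = ""
        # Direction (if any) precedes "on <interface>" in a pf rule.
        for (i = 2; i <= NF; i++) {
            if ($i == "in" || $i == "out") dir = $i
            if ($i == "on") { ifname = $(i + 1); break }
        }
        if (ifname !~ /^tun[0-9]+$/) next
        seen[ifname] = 1
        if (dir != "out") has_in[ifname] = 1    # "in" or no direction
        if (dir != "in")  has_out[ifname] = 1   # "out" or no direction
    }
    END {
        for (n in seen) {
            i_ok = (n in has_in)  ? "yes" : "no"
            o_ok = (n in has_out) ? "yes" : "no"
            print n, "in=" i_ok, "out=" o_ok
        }
    }' | sort
}

# Names of tun interfaces missing a pass rule in either direction.
tun_missing_direction() {
    tun_rule_coverage | awk '/=no/ { print $1 }'
}

# Constructed sample mirroring the thread: tun2 has in and out, tun1 only in.
sample_rules() {
    cat <<'EOF'
block drop in log all label "constructed default block"
pass in quick on tun1 all keep state label "constructed tun1 in"
pass in quick on tun2 all keep state label "constructed tun2 in"
pass out quick on tun2 all keep state label "let out anything from firewall host itself openvpn"
EOF
}

# On a live firewall: pfctl -sr | tun_missing_direction
sample_rules | tun_rule_coverage
```
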
              sullrich

              Check your logs, do you see

              Not adding default pass in rule for interface $friendlytunif - tun{$x} with a gateway

                sullrich

                Just committed a change. Please try a snapshot about an hour from now.

                  sh_man

                  Cheers - and thanks for all you do - I certainly could not do my job without it.

                  Will have to wait till morning - it's 10:30pm here and I'm sat on the sofa watching CSI and sort of working!

                    sh_man

                    Will need to do a little more testing when I get to work - the OpenVPN that I need to test is not currently up!

                    However, the rules do not appear to have changed.

                    Having had a quick look, if the time on the forum matches the time on the snapshot server there has not been a snapshot build since you committed your change. Will keep my eye on it and get the next build when it appears.

                      sh_man

                      Done some more testing and still the same - so I guess I have not got a snapshot with the changes in.

                        sullrich

                        Snapshots were not building overnight, which was my fault. They should be building now.

                          sh_man

                          Cheers - just upgraded to it and it does the job. Thanks

                            sullrich

                            Yay!  Thanks for reporting back.
