Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Filtering with OpenVPN when upgrading from 1.2.3

    Scheduled Pinned Locked Moved OpenVPN
    3 Posts 2 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • belleraB
      bellera
      last edited by

      The migration has some confusion points…

      Scenario

      OpenVPN servers with tun interfaces assigned as OPT interfaces.
      Rules for these OPT interfaces, in order to filter traffic.
      (Official pfSense Book, page 323)

      Migrated to 2.0 or 2.0.1 loading config.xml

      Result

      • New OpenVPN tag at Rules with a new rule that authorizes EVERYTHING. Be careful !!!
      • OPT interfaces assigned to my LAN interfaces (?). In fact, they seem to be assigned, but there are not.
      • OPT interfaces disabled. WebGUI shows as enabled, but they aren't assigned. So, the dashboard says that they are disabled.

      Solution

      • Reassigned my OPT interfaces to my OpenVPN interfaces. Now they are showed as OpenVPN at interface assign. This is a good change.
      • I didn't need to activate it. After reassignet they were working.
      • I disabled the default rule at Rules OpenVPN tag. This tag is a good feature for new installations…

      Regards,

      Josep Pujadas

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        The main OpenVPN tab rules do not apply to properly assigned OpenVPN interfaces, so that is really a non-issue

        The book recommends, and the upgrade code only checks, that your tun interface is assigned if you hardcode the device with a config directive such as "dev tun10;" in your custom options. I didn't see that in your config.

        That said, there was a bug in the code that located the assigned tun interface when specified, so I committed a fix for that.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          And an an added bonus, I found that when compression was off on 1.2.3, it ended up turned on in 2.0, so I fixed that as well.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.