Firewall rules tab for non-assigned interface
-
Hi there,
I seem to have a firewall rules tab for a non-assigned interface:
Assigned interfaces:
When I DO assign, enable and rename the interface to OpenVPN, I get a second tab for OpenVPN, but then with all caps:
Anyone seen this before?
Thanks!
-
This is a group tab which appears after adding some OpenVPN Server or Client instance.
-Rico
-
@rico Thanks. Could you explain a bit more on that? What's it for? I don't have any interface group.
Thanks
-
In your second screenshot we see you added NordVPN as OpenVPN Client, this is why you get the OpenVPN Group tab.
Rules placed there apply to all OpenVPN instances. In pfSense Group tabs are processed before single Interface tabs in Firewall Rules.
-Rico
-
@rico Wow, I totally missed that, even though it's clearly mentioned in the documentation (even in the firewall basics) I see now. Sometimes I feel like such a noob :)
Thanks for the quick response!
-
BTW even if you have the OpenVPN Group tab empty it is already doing some work for you by actively blocking all incoming requests. And this is probably what you want by default when connecting to some VPN provider.
-Rico
-
I'm quite new to VPN, just started testing some things, but why is that blocking needed if you don't have an interface assigned?
Are VPN group/interface tabs more or less like the wan/lan tabs? Where you block incoming requests for the VPN on the group tab and restrict outgoing traffic on the VPN interface tab?
-
Check out https://www.netgate.com/resources/videos/openvpn-as-a-wan-on-pfsense.html
-Rico
-
That's a great link that clarifies some things (my basic understanding in my previous comment seems correct), thanks!
Still wrapping my head around the parts in slide 15 & 16. When my loud kids are in bed, I'll check if the video explains that part simple enough for me :)