Extra OpenVPN interface?



  • Sorry for what will probably be a n00b question..

    I have an APU2C4 board (standard 3 ethernet interfaces, only using 2).  I followed some directions to create an OpenVPN server on pfSense so I can VPN into my home remotely.  It works well, but I notice I have two FW interfaces for it. One is called OVPN (which is what I renamed it) and the other is simply OpenVPN which I believe was created when I did the wizard.  Why both?  Can I get rid of one of them?  And if so, how?  Which is used?






  • The OpenVPN is an interface group which is automatically created when you activate an OpenVPN instance, server or client.
    You have assigned an interface to the server instance, this is now a member of the OpenVPN interface group.

    However, you can ignore OpenVPN and define all your firewall rules on the OVPN interface. But consider that also rules on OpenVPN would take effect.



  • OK so it's a phantom loopback or something similar?  I don't see it listed under interface groups.  We just ignore it then? Does everyone get it, or was it the way I configured it?

    yes, I'll put my rules under OVPN.  Thanks!



  • The OpenVPN interface group is inevitably created by pfSense. Since you need to route traffic over your VPN, you had to assign an interface to you OpenVPN server instance additionally.
    The interface group is created one-off when OpenVPN is set up and all OpenVPN instances are unavoidably added to it.



  • OK thank you.


Log in to reply