Filter OpenVPN interface

johbra · Mar 12, 2009, 5:01 AM

To create a OpenVPN filter in the GUI and be able to crete rules for that interface i have edited the get_interface_list function in /etc/inc/util.inc. When i do this i can create a OpenVPN interface and create rules for that interface. The problem is that the rules i create don't apply.
Below is a description of what i've added to the bottom of the get_interface_list function.

Is it possible to enable filtering this way?

$toput = array( "mac" => "00:e0:18:9a:c9:10", "up" => TRUE );
$toput['ipaddr'] = "192.168.113.1";
$toput['friendly'] = "opt3(ovpn1)";
$iflist['tun0'] = $toput;

Cry Havok · Mar 12, 2009, 12:04 PM

As has been mentioned many times, that isn't supported under 1.2. I'm not sure it will be supported under 2.0, but if you search you'll find out.

johbra · Mar 13, 2009, 3:17 PM

Maybe i was a bit unclear. I'm editing the actual php code generating the gui to enable filtering. My question is: Is the solution i have presented possible?

Cry Havok · Mar 13, 2009, 10:01 PM

Probably not, because there will be more than just the GUI involved. If it was just a case of a GUI hack then it would probably have been in 1.2.x already.

johbra · Mar 25, 2009, 9:51 PM

so…yesterday i uppgraded my firewall to 1.2.3 and now the tun interfaces (OpenVPN interfaces) show up in the GUI. I've adde them as optional interfaces. The thing is when i create rules for these interfaces nothing happens so i guess this is not supported? But...when i look in the firewal logs, i can se the occational packet beeing blocked on the tun0 or tun1 interface?

Is there anyone who can bring some light as to why the tun interfaces show up in 1.2.3 and if they can be filtered?

I just ran the command "pfctl -sr" on my pfsense box and it seems that the rules i've created for the tun interfaces are there. I'm no master of pf so i will have to spend some time decoding this printout.