Netgate Discussion Forum

    Filter OpenVPN interface

      johbra

      To create an OpenVPN filter in the GUI and be able to create rules for that interface, I have edited the get_interface_list function in /etc/inc/util.inc. When I do this I can create an OpenVPN interface and create rules for that interface. The problem is that the rules I create don't apply.
      Below is a description of what I've added to the bottom of the get_interface_list function.

      Is it possible to enable filtering this way?

      $toput = array( "mac" => "00:e0:18:9a:c9:10", "up" => TRUE );
      $toput['ipaddr'] = "192.168.113.1";
      $toput['friendly'] = "opt3(ovpn1)";
      $iflist['tun0'] = $toput;

        Cry Havok

        As has been mentioned many times, that isn't supported under 1.2.  I'm not sure it will be supported under 2.0, but if you search you'll find out.

          johbra

          Maybe I was a bit unclear. I'm editing the actual PHP code generating the GUI to enable filtering. My question is: Is the solution I have presented possible?

            Cry Havok

            Probably not, because there will be more than just the GUI involved.  If it was just a case of a GUI hack then it would probably have been in 1.2.x already.

              johbra

              So… yesterday I upgraded my firewall to 1.2.3 and now the tun interfaces (OpenVPN interfaces) show up in the GUI. I've added them as optional interfaces. The thing is, when I create rules for these interfaces nothing happens, so I guess this is not supported? But... when I look in the firewall logs, I can see the occasional packet being blocked on the tun0 or tun1 interface?

              Is there anyone who can bring some light as to why the tun interfaces show up in 1.2.3 and if they can be filtered?

              I just ran the command "pfctl -sr" on my pfSense box and it seems that the rules I've created for the tun interfaces are there. I'm no master of pf, so I will have to spend some time decoding this printout.
