Netgate Discussion Forum

    OpenVPN Interface/Rule question

    • jeff3820

      I have been using an OpenVPN server configuration for quite a while. It is fairly standard and was created with the wizard. When all was set up I made a few specific rules including client-specific overrides and those rules were in the Firewall/Rules section under OpenVPN. Just for reference I have no specific OpenVPN interface set up but all is working fine.

      I was investigating adding Avahi to try to pass mDNS across the OpenVPN tunnel. Avahi requires an interface so I added a new interface and selected the ovpns1 port. The interface was added and I enabled it and the new interface was shown under Firewall rules as expected. No rules were added to the new interface at this time. I then got pulled away for another task so I deleted the recently added ovpns1 interface.

      A short while later I discovered OpenVPN was no longer working. Clients were connecting but not having traffic routed. I suspected that when I added the new interface the OpenVPN server was reconfigured to use this new interface and without rules no traffic was being routed...much less the interface removed. I restored a backup configuration and all was again working fine but still no OpenVPN interface at this time.

      Questions:

      1. If I re-add the OpenVPN interface to port ovpns1, do all my existing firewall rules under OpenVPN have to be copied and added to the OpenVPN interface?

      2. Unrelated, but in the past I changed the IP address of the OpenVPN server tunnel from what was originally set up. When I did this, existing clients could no longer connect to the OpenVPN server. To resolve this would I have to export new client configurations?

      Thanks in advance.

      • Rico

        Check out https://docs.netgate.com/pfsense/en/latest/book/openvpn/assigning-openvpn-interfaces.html

        -Rico

        • jeff3820

          Thanks! Link was very helpful. Any suggestion on changing the tunnel IP address range? Are new client configurations needed?

          • Rico

            You don't need to touch the server or client configuration.

            -Rico

            • jeff3820

              Just tried it again...as soon as I change IP address range of OpenVPN server tunnel network from 192.168.75.0/24 to 192.168.120.0/24 all clients lose internet access. I change all rules from 75 to 120 as well as the one client-specific override. Bizarre.
