OpenVPN Interface/Rule question
-
I have been using an OpenVPN server configuration for quite a while. Fairly standard, created with the wizard. When all was set up I made a few specific rules, including client-specific overrides, and those rules were in the Firewall/Rules section under OpenVPN. Just for reference, I have no specific OpenVPN interface set up, but all is working fine.
I was investigating adding Avahi to try to pass mDNS across the OpenVPN tunnel. Avahi requires an interface so I added a new interface and selected the ovpns1 port. The interface was added and I enabled it and the new interface was shown under Firewall rules as expected. No rules were added to the new interface at this time. I then got pulled away for another task so I deleted the recently added ovpns1 interface.
A short while later I discovered OpenVPN was no longer working. Clients were connecting but not having traffic routed. I suspected that when I added the new interface the OpenVPN server was reconfigured to use this new interface and, without rules, no traffic was being routed, much less once the interface was removed. I restored a backup configuration and all was again working fine, but still with no OpenVPN interface at this time.
Questions:
-
If I re-add the OpenVPN interface to port ovpns1 do all my existing firewall rules under OpenVPN have to be copied and added to the OpenVPN interface?
-
Unrelated, but in the past I changed the IP address of the OpenVPN server tunnel from what was originally set up. When I did this, existing clients could no longer connect to the OpenVPN server. To resolve this, would I have to export new client configurations?
Thanks in advance.
-
Check out https://docs.netgate.com/pfsense/en/latest/book/openvpn/assigning-openvpn-interfaces.html
-Rico
-
Thanks! The link was very helpful. Any suggestion on changing the tunnel IP address range? Are new client configurations needed?
-
You don't need to touch the server or client configuration.
-Rico
-
Just tried it again... as soon as I change the IP address range of the OpenVPN server tunnel network from 192.168.75.0/24 to 192.168.120.0/24, all clients lose internet access. I changed all rules from 75 to 120, as well as the one client-specific override. Bizarre.
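The following is an added example, not code from the thread or from pfSense: a small first-match rule evaluator that shows why rules (and client-specific overrides) still referring to the old tunnel network silently stop matching once the tunnel network changes, so traffic hits the implicit default block. The rule set, the LAN subnet 10.0.0.0/24, the client address and the static override address are all constructed for the illustration; the evaluator models pf's first-match behaviour only at the level of source and destination networks.

```python
import ipaddress

# Constructed tunnel networks taken from the thread's example change.
OLD_TUNNEL = ipaddress.ip_network("192.168.75.0/24")
NEW_TUNNEL = ipaddress.ip_network("192.168.120.0/24")

# Hypothetical OpenVPN-tab rules as they might look before the tunnel change.
RULES_BEFORE = [
    {"action": "pass", "src": "192.168.75.0/24", "dst": "10.0.0.0/24", "descr": "VPN clients to LAN"},
    {"action": "pass", "src": "192.168.75.0/24", "dst": "0.0.0.0/0", "descr": "VPN clients to Internet"},
]

# Hypothetical client-specific override that pins one client to a static tunnel address.
OVERRIDE_STATIC_IP = "192.168.75.10"


def first_match(rules, src_ip, dst_ip):
    """Return the first rule whose src/dst networks contain the packet, or None.

    None models pf's implicit default: traffic matched by no rule is blocked.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if src in ipaddress.ip_network(rule["src"]) and dst in ipaddress.ip_network(rule["dst"]):
            return rule
    return None


def stale_rules(rules, old_net):
    """List descriptions of rules that still reference the old tunnel network."""
    return [
        r["descr"]
        for r in rules
        if old_net in (ipaddress.ip_network(r["src"]), ipaddress.ip_network(r["dst"]))
    ]


def retarget(rules, old_net, new_net):
    """Copy the rule set, replacing exact references to old_net with new_net."""
    out = []
    for r in rules:
        updated = dict(r)
        for key in ("src", "dst"):
            if ipaddress.ip_network(r[key]) == old_net:
                updated[key] = str(new_net)
        out.append(updated)
    return out


def override_fits_tunnel(static_ip, tunnel_net):
    """A client-specific override address must lie inside the current tunnel network."""
    return ipaddress.ip_address(static_ip) in tunnel_net


if __name__ == "__main__":
    client = "192.168.120.5"  # constructed address handed out from the new tunnel
    print("before retarget:", first_match(RULES_BEFORE, client, "8.8.8.8"))
    print("stale rules:", stale_rules(RULES_BEFORE, OLD_TUNNEL))
    fixed = retarget(RULES_BEFORE, OLD_TUNNEL, NEW_TUNNEL)
    print("after retarget:", first_match(fixed, client, "8.8.8.8")["descr"])
    print("override still valid:", override_fits_tunnel(OVERRIDE_STATIC_IP, NEW_TUNNEL))
```

Running the script shows a client on the new tunnel network matching nothing (blocked) against the unchanged rules, every rule flagged as stale, the retargeted rules passing the client, and the static override address flagged as outside the new tunnel network, which is the kind of leftover worth checking when clients connect but lose access after a tunnel-network change.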