Openvpn rules: /tmp/rules.debug: syntax error, 2.4.5-RELEASE-p1
-
Hello everyone,
I have set up OpenVPN on my pfSense and I got this error when the rules are reloaded:
There were error(s) loading the rules: /tmp/rules.debug:1076: syntax error - The line in question reads [1076]: pass in quick on $OpenVPN inet proto { tcp udp } from any to $PRIVATE_NETWORK tracker 1600794344 keep state label "USER_RULE" @ 2020-11-04 16:36:10
The openvpn wizard created a rule automatically to allow traffic to my network on the openvpn tab in rules section. The rule is pretty simple.
I have read somewhere that this was a bug fixed in 2.4.5-RELEASE-p1, so I upgraded to this version. But I always have this error.
I compared the syntax between other rules and the syntax seems to be good.
Maybe it's the $OpenVPN variable that causes the filter reload to throw that error? Do you know how I can check known pfSense variables?
And has anybody already encountered this kind of error?
Oh, another thing: the VPN seems to work fine if I just ignore the error, but if I do so, I get some strange problems like outgoing NAT rules not loading anymore...
Thanks,
Romain
-
try to edit the rule and remove or change or add a label
idk how you ended up with -- &quot;USER_RULE&quot; --
maybe there is something wrong with the wizard ...
it should be
label "USER_RULE: USER_RULE"
-
Hello,
I found what was the problem. When we migrated to pfsense from checkpoint firewall, we imported an alias named "OpenVPN" which pointed to openvpn port number...
This caused the "syntax error" on the rule because $OpenVPN was a port number and not the interface name of openvpn.
But I guess the wizard could tell us that the OpenVPN variable is already used when validating the installation, but anyway :)
Bye
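
A check for the name collision described in this thread, as an added example that is not part of any post and not pfSense code: it scans a copy of the generated ruleset for pf macros assigned more than once with different values and lists the rules that use such a macro after `on`. The sample ruleset, its interface names, the port 1194 and the network are constructed, and it is an assumption that both the interface and the imported alias show up as `name = "value"` lines.

```python
import re
from collections import defaultdict

MACRO = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$')   # pf macro: name = "value"
ON_IF = re.compile(r'\bon\s+\$(\w+)')                   # interface position in a rule

# Constructed sample in the layout of a pf ruleset; all values are placeholders.
SAMPLE = '''\
# System aliases
WAN = "{ em0 }"
OpenVPN = "{ openvpn }"
# User Aliases
OpenVPN = "{ 1194 }"
PRIVATE_NETWORK = "{ 192.0.2.0/24 }"
pass in quick on $WAN inet proto tcp from any to $PRIVATE_NETWORK keep state
pass in quick on $OpenVPN inet proto { tcp udp } from any to $PRIVATE_NETWORK keep state label "USER_RULE"
'''

def macro_definitions(text):
    """Map each macro name to its [(line_number, value), ...] in file order."""
    defs = defaultdict(list)
    for num, line in enumerate(text.splitlines(), 1):
        m = MACRO.match(line)
        if m:
            defs[m.group(1)].append((num, m.group(2).strip()))
    return defs

def collisions(text):
    """Macros assigned more than once with differing values."""
    return {name: d for name, d in macro_definitions(text).items()
            if len({value for _, value in d}) > 1}

def affected_rules(text):
    """Rules whose `on $name` uses a colliding macro, with the value in effect there."""
    clash = collisions(text)
    hits = []
    for num, line in enumerate(text.splitlines(), 1):
        if MACRO.match(line) or line.lstrip().startswith('#'):
            continue
        for name in ON_IF.findall(line):
            if name in clash:
                # pf expands a macro to the most recent assignment above the rule
                in_effect = [v for n, v in clash[name] if n < num]
                hits.append((num, name, in_effect[-1] if in_effect else None))
    return hits

if __name__ == '__main__':
    for num, name, value in affected_rules(SAMPLE):
        print(f'line {num}: on ${name} expands to {value!r}')
```

To run it against a real box, replace `SAMPLE` with the contents of a copy of `/tmp/rules.debug`; a hit whose value in effect is a port number rather than an interface matches the failure reported here.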