Netgate Discussion Forum

    Assigning an OpenVPN interface : Filtering not working on interface

      HuskerDu

      Hello,

      After running OpenVPN without an assigned interface for years, I've decided to give it a go.

      After adding an OPT3 and restarting OpenVPN (and crashing dhcpd each time), I was waiting for the filtering to work according to the plan:
      https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/assign.html#filtering-with-openvpn

      Rules added here are processed after the OpenVPN tab rules, which are checked first. In order to match the rules on an assigned VPN tab, the traffic must not match any rules on the OpenVPN tab. Remove any “Allow All” style rules from the OpenVPN tab and craft more specific rules instead.

      I've copied/pasted my rules from the OpenVPN instance to the OpenVPN interface. When removing rules from the instance, no more traffic is passed, and I got no hits on rules on the interface.

      I must have done something wrong...

        viragomann @HuskerDu

        @huskerdu said in Assigning an OpenVPN interface : Filtering not working on interface:

        I've copied/pasted my rules from OpenVPN instance to OpenVPN interface

        What? The instance is the newly assigned interface. So I assume there should not be any rule before you add one.

          HuskerDu @viragomann

          @viragomann I had OpenVPN running before, so I copied my "old" rules to the newly created interface.

            viragomann @HuskerDu

            @huskerdu
            Instead of copying, you should move the rules to the VPN instance tab.

            To be clear, use distinct names for the interfaces.
            The OpenVPN is an interface group which includes all OpenVPN instances you're running on pfSense. So rules on this tab are applied to all OpenVPN instances if they match and have priority over the interface tab. This is what your quote from the docs states.

            So it is also not clear whether you really meant what you wrote here:

            When removing rules from instance, no more traffic is passed, and got no hits on rules on interface.

              HuskerDu @viragomann

              @viragomann I've copied, then removed them, which shouldn't make any difference in terms of rules at the end of the process.

                viragomann @HuskerDu

                @huskerdu
                The difference is, when you copy it, you have two rules, the original one and one on the new tab. When you move it, there is only the rule on the new tab, but the original one no longer exists.

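The evaluation order quoted from the docs and the copy-versus-move distinction discussed in this thread, modelled as an added example that is not part of the thread and is not pfSense code. It assumes first-match-wins on each tab and a default deny when nothing matches, omits floating rules, and uses constructed addresses and a constructed rule label; only the tab names OpenVPN and OPT3 come from the thread.

```python
# Added illustration, not pfSense code: simplified rule processing for
# traffic arriving on an assigned OpenVPN interface. Floating rules omitted.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    action: str   # "pass" or "block"
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form
    label: str
    hits: int = 0

    def matches(self, src, dst):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst))

def evaluate(group_tab, iface_tab, src, dst):
    """Decide one new connection: the OpenVPN group tab is checked first,
    then the assigned interface tab; the first match wins, else default deny."""
    for tab, rules in (("OpenVPN", group_tab), ("OPT3", iface_tab)):
        for rule in rules:
            if rule.matches(src, dst):
                rule.hits += 1
                return rule.action, tab, rule.label
    return "block", "default deny", None

def shadowed(group_tab, iface_tab):
    """Labels of interface-tab rules that can never match because a
    group-tab rule covers their whole source and destination range."""
    return [r.label for r in iface_tab
            if any(ip_network(r.src).subnet_of(ip_network(g.src))
                   and ip_network(r.dst).subnet_of(ip_network(g.dst))
                   for g in group_tab)]

def scenario(copied):
    """copied=True leaves the original on the OpenVPN tab (copy);
    copied=False keeps the rule on the OPT3 tab only (move)."""
    def make():  # constructed sample rule and addresses
        return Rule("pass", "10.8.0.0/24", "192.168.1.0/24", "VPN to LAN")
    group_tab = [make()] if copied else []
    iface_tab = [make()]
    verdict = evaluate(group_tab, iface_tab, "10.8.0.6", "192.168.1.10")
    return verdict, iface_tab[0].hits, shadowed(group_tab, iface_tab)

if __name__ == "__main__":
    print("copy:", scenario(copied=True))
    print("move:", scenario(copied=False))
```

In the copy case the interface-tab rule stays at zero hits because the group-tab original decides the connection first; in the move case the same rule on OPT3 takes the hit.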
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.