OpenVPN showing twice under rules
-
OpenVPN is showing twice under rules after I created an interface for it. Do you know how I can get rid of the wizard-created rule heading?
-
@iptvcld
When you fire up an OpenVPN instance, pfSense implicitly generates an interface group, of which all instances (clients as well as servers) are members. This is the OpenVPN tab you can see on the rules page.
You cannot remove this interface group; you can only delete all firewall rules from it.
When you assign an interface to an OpenVPN instance, you can find a specific tab for it where you can add rules.
However, it is a member of the OpenVPN interface group.
Consider that firewall rules on a group tab are processed before rules on member interface tabs.
-
@viragomann thank you for the reply and explanation! So what I did was delete the rule that was first made under the OpenVPN tab, and then I made the new interface and named it VPN. I then had to go back to OpenVPN, click on server and then click on save to restart the service. Everything started to work then. Hope what I did was the correct process....
By doing that I was able to create my first rule with source VPN Net * and destination * instead of the OpenVPN source tcpv4 * to * and leaving it open to any IP.
Also, I found a benefit with the created interface: I was able to add the VPN net to my existing IoT interface rule for no cross chatting.
-
Yes, that is correct.
If you assign the server as an interface you have to restart the instance afterwards for the new settings to apply. You almost always want to have the rules on the assigned interface tab and not on the group OpenVPN tab. That is required for policy routing to create the firewall states correctly.
Steve
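
An added example, not part of the original posts and not pfSense code: a simplified first-match model of the ordering described in this thread, where rules on the OpenVPN group tab are evaluated before rules on the assigned interface tab. The networks, addresses and the block rule on the VPN tab are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample networks (assumptions, not taken from the thread).
VPN_NET = ip_network("10.8.0.0/24")
IOT_NET = ip_network("192.168.30.0/24")
ANY = ip_network("0.0.0.0/0")

def rule(action, src, dst, label):
    return {"action": action, "src": src, "dst": dst, "label": label}

def evaluate(group_tab, interface_tab, src, dst):
    """Return (action, label) of the first matching rule.

    Group-tab rules are checked before the member interface's rules;
    anything left unmatched falls through to the default deny.
    """
    src, dst = ip_address(src), ip_address(dst)
    for tab, rules in (("OpenVPN", group_tab), ("VPN", interface_tab)):
        for r in rules:
            if src in r["src"] and dst in r["dst"]:
                return r["action"], f"{tab}: {r['label']}"
    return "block", "default deny"

# The wizard-created rule on the group tab, and hypothetical rules
# on the assigned interface tab (named VPN, as in the thread).
wizard_rule = [rule("pass", ANY, ANY, "wizard any-to-any")]
vpn_tab = [
    rule("block", VPN_NET, IOT_NET, "no VPN to IoT"),
    rule("pass", VPN_NET, ANY, "VPN net to any"),
]

def demo():
    client, camera, web = "10.8.0.6", "192.168.30.20", "203.0.113.10"
    return {
        # Group rule still present: it matches first and shadows the block.
        "group_rule_kept": evaluate(wizard_rule, vpn_tab, client, camera),
        # Group tab emptied: the interface tab's rules now decide.
        "group_rule_deleted": evaluate([], vpn_tab, client, camera),
        "internet_after_cleanup": evaluate([], vpn_tab, client, web),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

With the wizard rule left on the group tab, the restrictive rule on the VPN tab is never reached, which is why emptying the group tab matters before relying on per-interface rules.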