Netgate Discussion Forum

    OpenVPN showing twice under rules

    General pfSense Questions
    4 Posts 3 Posters 510 Views
    • CloudNode

      OpenVPN is showing twice under rules after I created an interface for it. Do you know how I can get rid of the wizard-created rule heading?

      • viragomann @CloudNode

        @iptvcld
        When you fire up an OpenVPN instance, pfSense implicitly generates an interface group, of which all instances (clients as well as servers) are members. This is the OpenVPN tab you can see on the rules page.
        You cannot remove this interface group; you can only delete all firewall rules from it.

        When you assign an interface to an OpenVPN instance, you can find a specific tab for it where you can add rules.
        However, it is a member of the OpenVPN interface group.
        Consider that firewall rules on a group tab are processed before rules on member interface tabs.

        • CloudNode @viragomann

          @viragomann thank you for the reply and explanation! So what I did was delete the rule that was first made under the OpenVPN tab, and then I made the new interface and named it VPN. I then had to go back to OpenVPN, click on server and then click on save to restart the service. Everything started to work then. Hope what I did was the correct process....

          By doing that I was able to create my first rule with source VPN net * and destination *, instead of the OpenVPN source TCPv4 * to *, leaving it open to any IP.

          Also, I found a benefit with the created interface: I was able to add the VPN net to my existing IoT interface rule for no cross chatting.

          • stephenw10 Netgate Administrator

            Yes, that is correct.

            If you assign the server as an interface you have to restart the instance afterwards for the new settings to apply. You almost always want to have the rules on the assigned interface tab and not on the group OpenVPN tab. That is required for policy routing to create the firewall states correctly.

            Steve
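
Added example, not part of the thread and not pfSense code: a small Python model of the ordering viragomann describes (group tab evaluated before the assigned interface tab, first match wins) that flags traffic where a leftover rule on the OpenVPN group tab overrides the decision the assigned interface tab would have made. The network ranges, rule sets and function names are constructed for illustration; floating rules are left out.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"
VPN_NET = "10.8.0.0/24"      # constructed tunnel network
IOT_NET = "192.168.30.0/24"  # constructed IoT network


@dataclass(frozen=True)
class Rule:
    tab: str      # rules tab the rule lives on
    action: str   # "pass" or "block"
    src: str      # source network (CIDR)
    dst: str      # destination network (CIDR)

    def matches(self, src, dst):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst))


DEFAULT_DENY = Rule("default", "block", ANY, ANY)


def evaluate(group_rules, iface_rules, src, dst):
    """Return the rule that decides the packet: group tab first, then the
    assigned interface tab, top-down, first match wins, else default deny."""
    for rule in [*group_rules, *iface_rules]:
        if rule.matches(src, dst):
            return rule
    return DEFAULT_DENY


def group_overrides(group_rules, iface_rules, probes):
    """List probes where a group-tab rule decides the packet differently
    from what the interface tab alone would have decided."""
    findings = []
    for src, dst in probes:
        actual = evaluate(group_rules, iface_rules, src, dst)
        intended = evaluate([], iface_rules, src, dst)
        if actual.tab != intended.tab and actual.action != intended.action:
            findings.append((src, dst, actual, intended))
    return findings


# Constructed rule sets: the wizard's any-to-any pass left on the group tab,
# plus an IoT isolation rule and a general pass on the assigned "VPN" tab.
WIZARD_GROUP = [Rule("OpenVPN", "pass", ANY, ANY)]
VPN_TAB = [Rule("VPN", "block", VPN_NET, IOT_NET),
           Rule("VPN", "pass", VPN_NET, ANY)]
PROBES = [("10.8.0.5", "192.168.30.10"), ("10.8.0.5", "192.168.1.20")]

if __name__ == "__main__":
    for src, dst, actual, intended in group_overrides(WIZARD_GROUP, VPN_TAB, PROBES):
        print(f"{src} -> {dst}: {actual.action} by {actual.tab} tab, "
              f"{intended.tab} tab intended {intended.action}")
```

With the wizard rule still on the group tab, the VPN-to-IoT probe is passed even though the VPN tab blocks it; with the group tab emptied, the VPN tab's block decides.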
