Netgate Discussion Forum

    how to create an ovpnc2 interface firewall rule

    5 Posts 2 Posters 504 Views
    • Phil Ten

      Hello,

      I have an openvpn client and server on the same NetGate device 5100.

      When I view firewall logs I see some traffic blocked for interface "ovpnc2".

      I have a firewall rule to allow the traffic for OpenVPN but obviously it doesn't apply for "ovpnc2"

      Therefore I would like to create a rule for interface "ovpnc2", but it isn't listed in the interface dropdown list in the rule creation form.

      How can I create a rule for interface "ovpnc2" ?

      Thank you for all help

      Phil

      • Gertjan @Phil Ten

        @Phil-Ten

        Instantiate an interface.
        Go to Interfaces > Interface Assignments, and on the last line, behind "Available network ports:" select the "ovpnc2" interface.
        And hit Save.
        Now you have an interface. Start by renaming it with a useful name.

        Add rules to the Interface if needed.

        My two cents : an OpenVPN client interface is like a WAN interface. Typically, there are no rules whatsoever.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • Phil Ten @Gertjan

          @Gertjan

          Thank you very much for your reply, it answers my question about the ovpnc2 interface.

          What do you mean by "no rules whatsoever" for an OpenVPN interface,
          how do you do without adding rules ? for example if you want to allow
          access to a server or a network drive ?

          Thanks

          • Gertjan @Phil Ten

            @Phil-Ten said in how to create an ovpnc2 interface firewall rule:

            "no rules whatsoever" for an OpenVPN interface,

            "no rules whatsoever" for an OpenVPN client interface,
            as traffic is initiated, like the WAN interface, on your LAN interfaces, and flows out through the OpenVPN client interface (which actually uses a real WAN interface).

            @Phil-Ten said in how to create an ovpnc2 interface firewall rule:

            for example if you want to allow access to a server or a network drive ?

            From where ? From the Internet ?
            Make a NAT rule on your WAN interface, use your ISP WAN IP, and you're good.
            You could, I guess (never tried it actually), add a NAT rule on the ovpnc2 interface. Now, on the other side of the tunnel, for example the IPv4 of your VPN-ISP, you could reach your server.
            The server is on your LAN, right ?


            • Phil Ten @Gertjan

              @Gertjan

              Well, in my case, we have site-to-site OpenVPN links.
              Each site is a "vpn client" and there is an openvpn server in the middle.
              Each site has its own data server(s) and other equipment.

              Users on each site can access servers on other sites.
              I believe NAT wouldn't work well in this case.

              But, now, I think I understand your idea, it's when the client site only has "clients" users, then I understand your NAT suggestion.

              Thanks again

              Phil

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.