Netgate Discussion Forum
    Confused with firewall rules for OpenVPN

      jankol

      Hello,
      I managed to set up OpenVPN on Netgate 6100, but I am not sure of the correctness of the firewall rules I added.

      The source of my confusion is two new tabs in the "Firewall => Rules" menu connected with OpenVPN. There are tabs "OVPN1" and "OpenVPN". I am not able to find a sufficient description of the behavior of rules in these two tabs.

      The OpenVPN Server is sitting on the WAN2 interface (connected to ISP). I have added an exception rule to "Firewall => Rules => WAN2" menu so remote clients can establish an IPv4 connection on UDP port 1194.

      As far as I know, the "OVPN1" represents a virtual interface (I can find it in the "Interfaces => Assignments" menu). I treat it as the endpoint of the tunnel - when a connected remote client sends a packet via the tunnel, the packet is processed by the OVPN1 interface.

      On the "Firewall => Rules => OVPN1" tab I have no rules. GUI says that if no rules are added, all traffic is blocked. But I did not manage to find any WAN or LAN connectivity issues for remote users. So it seems to me there is no traffic passing this virtual interface, and that is why I am confused.

      On the "Firewall => Rules => OpenVPN" tab, I have two rules: the first rule is to enable all traffic from the remote subnet to anywhere, the second rule is to block all traffic. I have not dealt with firewall rules for remote clients as I am the only user of the OpenVPN so I do not limit access of the remote users.

      What I would like to know is the difference between "OVPN1" and "OpenVPN" tabs in the "Firewall => Rules" menu and I would like to understand how packets are passing those two interfaces. I would also like to know whether the firewall rules I mentioned are set correctly or I'm missing something.

      Thanks,
      Jan

        the other

        hey there,
        a look in your documentation gives an answer:
        https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/firewall-rules.html
        See far down > Tip!
        :)

        In short: rules under the general OpenVPN Tab are for all your (in case you have more than one) openVPN servers on pfsense.
        So you can set separate rules for those...
        here I have (under firewall > rules tab):
        no rules at all for general openVPN but rules set for my openVPN server "number1" (just an example).

        the other

        pure amateur home user, no business or professional background
        please excuse poor english skills and typpoz :)
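
Added example, not part of either post and not pfSense code: a simplified Python model of pfSense's documented rule processing order (interface group tabs such as "OpenVPN" are evaluated before the assigned interface tab such as "OVPN1", and the first matching rule wins), applied to the rules described in the question. The tunnel subnet 10.8.0.0/24, the sample addresses and the function name are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed value: the thread does not state the tunnel subnet.
TUNNEL_NET = "10.8.0.0/24"

# Rules from the question as (action, source network), top to bottom.
# Only the source is modelled; both rules in the question have destination "any".
OPENVPN_GROUP_TAB = [("pass", TUNNEL_NET), ("block", "0.0.0.0/0")]
OVPN1_TAB = []  # assigned interface tab, empty in the question


def evaluate(src, group_rules, iface_rules):
    """Return (action, tab) for the first rule whose source network contains src.

    The group tab is checked before the assigned interface tab. If nothing
    matches on either tab, the packet falls through to the implicit deny.
    """
    addr = ip_address(src)
    for tab, rules in (("OpenVPN", group_rules), ("OVPN1", iface_rules)):
        for action, net in rules:
            if addr in ip_network(net):
                return action, tab
    return "block", "default deny"


if __name__ == "__main__":
    # Layout from the question: the group tab decides every packet, so the
    # empty OVPN1 tab is never consulted and clients still have connectivity.
    print(evaluate("10.8.0.5", OPENVPN_GROUP_TAB, OVPN1_TAB))

    # Layout from the reply: nothing on the group tab, per-server rules on
    # the assigned interface tab. Now the OVPN1 tab is what decides.
    print(evaluate("10.8.0.5", [], [("pass", TUNNEL_NET)]))

    # Both tabs empty: this is the case the GUI message about blocking refers to.
    print(evaluate("10.8.0.5", [], []))
```

In the question's layout the catch-all block rule on the "OpenVPN" tab also stops evaluation there, so rules later added to "OVPN1" would have no effect until the group-tab rules are removed or narrowed.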

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.