Netgate Discussion Forum
    How to configure FW Rules for TUN0?

    Firewalling
    3 Posts 2 Posters 2.5k Views
    • thunder8911

      Hi everyone,

      I would like to know if there's any special configuration necessary for the TUN0 device regarding Firewall Rules.
      I have created several rules for traffic between our Local LAN (Network 8.x) and the LAN behind the VPN (Network 42.x), as well as rules between 8.x and 120.x (the VPN LAN) and between 120.x and 42.x, just to make sure everything between these is passed through.

      The problem is that I haven't found a way to configure these specifically for interface TUN0, so I pasted them into the LAN config.
      I think that's why it blocks all my traffic, like the following:

      Dec 23 13:02:53 TUN0 192.168.8.13:8455 192.168.42.9:143 TCP

      Is it right that I have to find a way to configure TUN0 rules? If so, how can I do that? Or where would I have to put them? WAN maybe?

      Thanks for the help in advance.

      Best regards,
      Stefan

      Edit: FYI, I use OpenVPN between those 2 pfSense firewalls.
      pfSense version is 1.2.2 on both machines.

      • GruensFroeschli

        You need to update to 1.2.3.
        The ability to filter OpenVPN has just recently been added.

        @http://blog.pfsense.org/?p=531:

        Disable auto-added VPN rules option - added to System -> Advanced to prevent the addition of auto-added VPN rules for PPTP, IPsec, and OpenVPN tun/tap interfaces. Allows filtering of OpenVPN client-initiated traffic when tun/tap interfaces are assigned as an OPT.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        • thunder8911

          Hi Froeschli,

          I don't actually want to add filter rules; I'd be completely fine if it passed all of the traffic without blocking it (like it does at the moment).
          I'm not sure how (if there's no option in 1.2.2) I can tell the firewall to stop blocking my traffic.

          However, there's a (sort of) weird scenario that I have when SSHing to one of the remote VPN servers.
          I can stay on them for like 5-10 seconds and then the connection closes, so the firewall doesn't seem to block directly, but within a certain time window. Could it be that the connection aborts because on their way back they answer through the 2nd VPN gateway?

          Like this:
          My PC -> VPN Gate 1 (Firewall) -> (Internet) -> Remote VPN Gate 1 (Firewall) -> Server I want to talk to -> Remote VPN Gate 2 (VPN Server) -> VPN Gate 2 (VPN Server) -> My PC

          Could that be a problem? Maybe because of identification issues? Like... sending a request to one VPN server (FW) and getting an answer back from the other VPN server?

          Thanks for the Help

          Kind regards,
          Stefan

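As an added illustration of the asymmetric-return scenario Stefan sketches above (this is not code from the thread or from pfSense): a toy model of two stateful filters, each with its own state table. A flow that leaves through gate 1 and replies through gate 2 matches state on neither, so the reply is blocked and gate 1's entry idles out shortly afterwards. Gateway names, hosts and the 10-second idle timeout are constructed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False

@dataclass
class StatefulGateway:
    """Toy pf-style filter: a new flow (SYN) must match a pass rule and creates
    state; any later packet passes only if matching, unexpired state exists."""
    name: str
    pass_rules: set                    # {(src_prefix, dst_prefix)} allowed to initiate
    idle_timeout: int = 10             # seconds without traffic before state is dropped
    states: dict = field(default_factory=dict)   # flow key -> last_seen time

    def _key(self, p):
        # Direction-independent key, so a reply matches the request's state entry
        return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

    def filter(self, p, now):
        k = self._key(p)
        if k in self.states and now - self.states[k] <= self.idle_timeout:
            self.states[k] = now            # refresh the entry
            return "pass (state)"
        self.states.pop(k, None)            # expired (or never existed)
        if p.syn and any(p.src.startswith(s) and p.dst.startswith(d)
                         for s, d in self.pass_rules):
            self.states[k] = now
            return "pass (new state)"
        return "block"

def simulate():
    """Request leaves via gate 1, reply comes back via gate 2 (constructed hosts
    on the thread's 8.x and 42.x networks). Returns [(time, gateway, verdict)]."""
    rule = {("192.168.8.", "192.168.42.")}
    g1 = StatefulGateway("VPN Gate 1", set(rule))
    g2 = StatefulGateway("VPN Gate 2", set(rule))
    req = Packet("192.168.8.13", 8455, "192.168.42.9", 22, syn=True)
    rep = Packet("192.168.42.9", 22, "192.168.8.13", 8455)
    data = Packet("192.168.8.13", 8455, "192.168.42.9", 22)
    return [
        ("t=0", g1.name, g1.filter(req, 0)),     # SYN matches rule: state created on gate 1
        ("t=1", g2.name, g2.filter(rep, 1)),     # reply hits gate 2: no state there -> blocked
        ("t=15", g1.name, g1.filter(data, 15)),  # gate 1 saw no reply; state idled out -> blocked
    ]
```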
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.