Multiple tun and which is which.



  • I've been playing with OpenVPN for a bit and I was happy to succeed in a site-to-site, and now a roadwarrior-style setup also.  Now that I am up and running I am moving on to the next step of limiting traffic.  Right now I have no filtering and no assigned adapters.  Can someone point me in the general direction, as I got swamped in the search…
    1.  How do I identify which tunnel is which so when I assign an adapter I know which is which?  Right now if I create opt1, I have to choose from tun0 (663) and tun1 (60480). How can I identify which is my site-to-site or the roadwarrior one?
    2.  If I currently only want port 80 traffic through the VPN, all I would have to do is set a firewall rule to allow port 80 on the opt1 adapter from opt to lan? (If I remember right, all traffic is blocked and the rules override?)

    Thanks!

    Update.  OK, I could not wait. I assigned the interface and then the interface status gave me the IP, which told me which one it was.   I am at a loss on the firewall.  Do I block on the opt1 or the lan?  Seems no matter what I do, I can't block anything.  I've put a block all on the opt1 and a block opt1 on the lan rules and nothing stops traffic.  Someone care to point me in the right direction...?



  • @tester_02:

    1.  How do I identify which tunnel is which so when I assign an adapter I know which is which?  Right now if I create opt1, I have to choose from tun0 (663) and tun1 (60480). How can I identify which is my site-to-site or the roadwarrior one?

    You can set in the "custom options" field which tun will be assigned to which connection.
    See the OpenVPN man-pages on how to do that.

    @tester_02:

    2.  If I currently only want port 80 traffic through the VPN, all I would have to do is set a firewall rule to allow port 80 on the opt1 adapter from opt to lan? (If I remember right, all traffic is blocked and the rules override?)

    What exactly do you want?
    Allow what kind of traffic from where to where?
    Can you describe that and show a screenshot of the rule you already have?



  • @GruensFroeschli:

    You can set in the "custom options" field which tun will be assigned to which connection.
    See the OpenVPN man-pages on how to do that.

    @tester_02:

    2.  If I currently only want port 80 traffic through the VPN, all I would have to do is set a firewall rule to allow port 80 on the opt1 adapter from opt to lan? (If I remember right, all traffic is blocked and the rules override?)

    What exactly do you want?
    Allow what kind of traffic from where to where?
    Can you describe that and show a screenshot of the rule you already have?

    Thanks for support!
    I did figure out which VPN was which by assigning the opt and seeing which IP it was assigned.  So now I have both VPNs assigned.
    Opt1 is my site-to-site VPN, and Opt2 is my roadwarrior style.  The only setting I have on it is that I set the bridge to disabled, and I set the IP address to match my setup in the OpenVPN settings.
    What I am a bit at a loss at is the firewall blocking.  What I want to do is just allow port 80 on my opt1.  So I just set up a rule to only allow TCP port 80, as I believe everything else is blocked by default in pfSense.  It does seem to block traffic from the other site to mine.
    The problem is that I can still connect directly to other ports on the remote site.  What I am guessing is that the NAT is causing my problems?  Would I have to override the automatic outbound NAT and set it for AON?  The problem there is I am not sure about the rules..
    Background info: local net is 192.168.4., site 2 is 192.168.1.

    I am still a bit at a loss with all this, as I would have assumed that opt1 would block all traffic unless I open it up.  That NAT portion makes a bit of sense, but I would have originally thought the rules would override it.

    Any help is appreciated.
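The behaviour described in this thread follows from where pfSense evaluates rules: a packet is matched against the rules of the interface it enters the firewall on (the OPT1 tab sees packets arriving from the tunnel, the LAN tab sees packets sent by LAN hosts), rules are checked top to bottom with the first match winning, and unmatched traffic is dropped, except that LAN ships with a "default allow LAN to any" rule. The POSIX shell script below is an added example written for this thread, not pfSense code or anything the poster ran; it is a toy model of that evaluation order with constructed rulesets and addresses (the 192.168.4.0/24 and 192.168.1.0/24 networks follow the poster's description, the host addresses are made up). NAT and state tracking are left out of the model on purpose.

```shell
#!/bin/sh
# Toy model of pfSense (pf) rule evaluation; constructed for this thread, not
# pfSense's own code. It models three things:
#   1. a packet is checked against the rules of the interface it ENTERS on
#      (opt1 = packets arriving from the tunnel, lan = packets from LAN hosts);
#   2. rules are evaluated top to bottom and the first match wins;
#   3. anything unmatched is blocked (default deny), except that pfSense
#      ships a "default allow LAN to any" rule on LAN.
# Rule fields: iface action proto dst dport   ("any" = wildcard, dst as /24).

# Ruleset as the poster described it: one pass rule for tcp/80 on OPT1
# (the site-to-site tunnel), LAN left with its default allow rule.
RULES_BEFORE='
opt1 pass  tcp 192.168.4.0/24 80
lan  pass  any any            any
'

# Same OPT1 rule, plus LAN rules placed above the default allow rule that
# restrict what LAN hosts may send towards the remote site (192.168.1.0/24).
RULES_AFTER='
opt1 pass  tcp 192.168.4.0/24 80
lan  pass  tcp 192.168.1.0/24 80
lan  block any 192.168.1.0/24 any
lan  pass  any any            any
'

# net_match RULE_DST PACKET_DST: "any" matches everything; otherwise compare
# the first three octets (only /24 prefixes are modelled).
net_match() {
    [ "$1" = any ] && return 0
    [ "${1%.*}" = "${2%.*}" ]
}

# decide RULESET INGRESS_IFACE PROTO DST_IP DST_PORT  -> prints pass|block
decide() {
    verdict=block                      # implicit default deny
    while read -r r_iface r_action r_proto r_dst r_port; do
        [ -n "$r_iface" ] || continue                        # blank line
        [ "$r_iface" = "$2" ] || continue                    # other interface
        [ "$r_proto" = any ] || [ "$r_proto" = "$3" ] || continue
        net_match "$r_dst" "$4" || continue
        [ "$r_port" = any ] || [ "$r_port" = "$5" ] || continue
        verdict=$r_action                                    # first match wins
        break
    done <<EOF
$1
EOF
    printf '%s\n' "$verdict"
}

# show LABEL RULESET IFACE PROTO DST_IP DST_PORT: one line of the comparison.
show() {
    printf '%-6s %-4s %-3s %-14s %-3s -> %s\n' "$1" "$3" "$4" "$5" "$6" \
        "$(decide "$2" "$3" "$4" "$5" "$6")"
}

echo "Ruleset as described (pass tcp/80 on OPT1 only):"
show before opt1 tcp 192.168.4.10 80    # remote site -> local web server
show before opt1 tcp 192.168.4.10 22    # remote site -> local SSH: blocked
show before lan  tcp 192.168.1.20 22    # LAN host -> remote SSH: still passes,
                                        # it enters on LAN, not on OPT1
echo
echo "With LAN rules restricting traffic towards 192.168.1.0/24:"
show after  lan  tcp 192.168.1.20 80    # allowed
show after  lan  tcp 192.168.1.20 22    # now blocked on the LAN tab
show after  lan  tcp 203.0.113.5  443   # Internet-bound traffic is unaffected
```

The third line of the first table is the case from the post: a pass rule on OPT1 only governs what the remote site may send into the local network, so connections opened from local hosts to other ports on the remote site are decided on LAN, where the default rule allows them. Two things the model leaves out matter on a real box: pf is stateful, so a newly added block rule does not affect connections that already have a state entry until those states are cleared (Diagnostics > States in the GUI, or `pfctl -F states` from the shell), and rule changes only apply to NAT in the sense that filtering happens on the ingress interface regardless of how outbound NAT is configured.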

