Netgate Discussion Forum

    Openvpn firewall rule

      gullio

      Hi, I have been trying to set up a firewall rule for my OpenVPN users. I have configured the OPT interface for OpenVPN (tun0), enabled it, and set the IP address to none.

      After that I went to Rules, selected the new interface called openvpn, and created a new rule, but when I click the Apply button the GUI returns an error related to syntax.

      To clarify:

      php: : There were error(s) loading the rules: /tmp/rules.debug:206: syntax error pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [206]: pass in quick on $openvpn inet proto icmp from /32 to any icmp-type echorep keep state label "USER_RULE"

      This happens when I add a rule to the openvpn interface:

      block
      from: openvpn subnet
      to: any
      protocol: icmp
      type: any

      If I change openvpn subnet to any (as source), no error is displayed, but the rule does not work.

      I use pfSense version 1.2.3.

      How can I enable traffic filtering on OpenVPN without encountering errors?

      Thanks
      Giulio

        jimp Rebel Alliance Developer Netgate

        http://doc.pfsense.org/index.php/OpenVPN_Traffic_Filtering_on_1.2.3

          gullio

          Hi jimp, thanks for the reply. I have followed this guide but I can't figure out what is wrong.

          I have checked the interface and it is tun0 on the server and on the client, but any rule configured on interface tun0 won't apply.

          Please advise.

            jimp Rebel Alliance Developer Netgate

            If you follow the instructions there exactly, it works. I've done this dozens of times.

              gullio

              I have followed the instructions at the link you advised. I changed the custom configuration, adding dev tun9 (for example), and also configured the OPTx interface with tun9. Then I disabled/enabled the OpenVPN server, and I can still go anywhere on my network even though I have permitted only the ICMP protocol.

              Perhaps I missed something… I don't know, but could someone please explain it to me step by step?

              Thanks

                gullio

                Hi, I have read the guide in the book you wrote, "pfSense: The Definitive Guide", and I have solved my issue because the process is explained very well.

                Thanks for all the advice.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.