• I use both Road Warrior and a Site2Site(shared key). When I first create the road warrior setup, an OpenVPN tab is created under the Firewall Rules page. I create the Site2Site setup and no new tab is created under the Firewall Rules page.

    I enable logging under the default allow all rule within the OpenVPN Rules tab. I noticed in the firewall log that this rule tab is used for both my Road Warrior and my Site2Site tunnels. How would I setup rules for each tunnel differently? Would I have to assign ovpns1 and ovpns2 to interfaces under the Interfaces page? And if I do that, would the OpenVPN Rules Tab then be used for both interfaces or would it be unusable?

    For the most part, the Road Warrior will be allowed all but I want to limit the Site2Site access.

  • Rebel Alliance Developer Netgate

    If you craft the firewall rules properly (specify the source subnet for each remote network), then you do not need multiple tabs or to assign interfaces.

    You can assign interfaces if you want, but it really isn't necessary if you setup the rules the right way, like so:

    pass * from roadwarrior_subnet to <road warrior="" stuff="">pass * from site2site_subnet to</road>

  • I didn't think about…. That should work nicely.. Thanks for your suggestion :-)