Status: Traffic Graph for OpenVPN interface?



  • Hi

    I don't know if OpenVPN interface should be possible to graph but I can only see a IPsec interface even tho I don't have any activated.

    So, its it possible?

    // rancor


  • Rebel Alliance Developer Netgate

    No, each OpenVPN interface is separate - IPsec is all aggregated through one interface (enc0)

    If you want to graph an OpenVPN instance, the easiest thing to do is assign it under Interfaces > (assign), enable it, set the type to "none", and it should work.



  • @jimp:

    No, each OpenVPN interface is separate - IPsec is all aggregated through one interface (enc0)

    If you want to graph an OpenVPN instance, the easiest thing to do is assign it under Interfaces > (assign), enable it, set the type to "none", and it should work.

    Perfect! Thanks

    // rancor



  • Ah, didn't work :(

    When I added OpenVPN interface and assign it to none the VPN stopped working. I couldn't connect to my LAN and I had to remove the interface and reboot pfSense to make it work again.

    Thanks anyway, it's not that important but it's interesting to know how much data is sent via the tunnel

    Regards rancor


  • Rebel Alliance Developer Netgate

    Add firewall rules to the newly created interface. :-)



  • It is not directly pointed to this thread, but where is the difference between the OpenVPN tab automatically created when I start OpenVPN server and the OpenVPN interface I can assign under "Interfaces" ?

    When should I need to assign an OpenVPN interface ? Is this needed, if I want to route traffic for some networks over the OpenVPN tunnel ? But what will than happen to the function of the OpenVPN tab which was created automatically ?! If which one (or both!?) do I have to create firewall rules ?

    How you can see, there is very much I do not really understand and needs clarification for me.
    In the past I didn't recognized, that I can assign an OpenVPn interface :-(


  • Rebel Alliance Developer Netgate

    It's only needed if you want to use it in places that specifically require an interface, like for OSPF, traffic graphing, special NAT tricks, etc.

    If you assign it as an interface, the rules for that interface (or lack thereof) take precedence and not the rules on the OpenVPN tab.

    You don't need to assign as an interface for routing tasks, either for normal routing or policy routing.



  • Puuh, great ;-)

    Thank you very much for this explaination!!


Log in to reply