Assigning OpenVPN interfaces and firewall rules



  • From 1.2.3 i'm used to force different openvpn tunnels to specific tuns and assign them as OPTs.

    Since we have with 2.0 a new firewall tab for openvpn i'm not sure how to work with this.
    I recently needed the IGMP proxy to work through a VPN tunnel.
    For this i assigned the tunnel as OPT and enabled the proxy on it.
    However now there is a tab for the OPT and OpenVPN in general.

    In what order are the tabs/rules processed?
    Does it even matter if rules are on one tab or the other?
    Or does ot behave like with floating rules and interface specific rules?



  • Well in the new tab you can put more specific rules.
    Though if you are happy with what you have under the general rule than its ok.

    You can easily consider OpenVPN tab as a interface group, under the hood its the same and probably would make sense to have it show up in interface groups by default.
    I will create a TODO on redmine for this to not be forgotten.

    Hoepfully that answers your question.



  • Yes this helps.
    Thanks.


Log in to reply