Filtering with OpenVPN when upgrading from 1.2.3



  • The migration has some confusion points…

    Scenario

    OpenVPN servers with tun interfaces assigned as OPT interfaces.
    Rules for these OPT interfaces, in order to filter traffic.
    (Official pfSense Book, page 323)

    Migrated to 2.0 or 2.0.1 loading config.xml

    Result

    • New OpenVPN tag at Rules with a new rule that authorizes EVERYTHING. Be careful!!!
    • OPT interfaces assigned to my LAN interfaces (?). In fact, they seem to be assigned, but they are not.
    • OPT interfaces disabled. WebGUI shows as enabled, but they aren't assigned. So, the dashboard says that they are disabled.

    Solution

    • Reassigned my OPT interfaces to my OpenVPN interfaces. Now they are shown as OpenVPN at interface assign. This is a good change.
    • I didn't need to activate it. After being reassigned they were working.
    • I disabled the default rule at Rules OpenVPN tag. This tag is a good feature for new installations…

    Regards,

    Josep Pujadas


  • Rebel Alliance Developer Netgate

    The main OpenVPN tab rules do not apply to properly assigned OpenVPN interfaces, so that is really a non-issue.

    The book recommends, and the upgrade code only checks, that your tun interface is assigned if you hardcode the device with a config directive such as "dev tun10;" in your custom options. I didn't see that in your config.

    That said, there was a bug in the code that located the assigned tun interface when specified, so I committed a fix for that.


  • Rebel Alliance Developer Netgate

    And as an added bonus, I found that when compression was off on 1.2.3, it ended up turned on in 2.0, so I fixed that as well.

