Migrating OpenVPN filtering setup from 1.2.3 to 2.0.1



  • Hello!

    I'm preparing to migrate from 1.2.3 to 2.0.1 (on new hardware). I'm testing with backing up existing configuration on my currently running 1.2.3 machine and restoring configuration on the new 2.0.1 machine.

    My existing 1.2.3 setup uses OpenVPN traffic filtering as described here: http://doc.pfsense.org/index.php/OpenVPN_Traffic_Filtering_on_1.2.3. My OpenVPN server is configured with extra argument '–dev tun0', tun0 device is assigned to interface OVPN and filter rules are defined for this interface.

    I see that on pfSense 2.0 there is no longer need to define special interface for OpenVPN traffic filtering as this is now supported natively. I'm wondering what is the best plan for migrating from my current setup to this new system.

    When I restore my existing configuration to new firewall, I need to manually assign interfaces after booting with the new configuration for the first time. This is expected as new machine has different NICs and so interface names have changed. I can assign all other interfaces as they should be, but there is no 'tun0' device to which I could assign my OVPN interface. So I assign this interface to some other device arbitrarily and reboot once more. On next boot I see that device named 'ovpns1' has appeared and I assign my OVPN interface to this device.

    I have not yet tried to go live with this new firewall, but before I do I'd like to find out answer to the following:

    Would this current setup (OVPN interface assigned to ovpns1 device) work as expected, or should I manually migrate filtering rules from my OVPN interface to the 'built-in' OpenVPN filtering section and remove the manually-created interface?


Locked