Filtering rules with multiple OpenVPN servers



  • Hello all,

    Thanks in advance for any help…. :)

    I have 3 OpenVPN servers running on ports 1194, 1195 and 1196.
    I have 3 interfaces defined - VPN_1, VPN_2 and VPN_3 - each assigned to the relevant ovpnsx network port
    I have ticked box: "Disable all auto-added VPN rules" in System: Advanced: Firewall and NAT
    The interfaces are all up and show an IP address
    I can connect into VPN fine.

    However - I cannot get traffic filtered as expected. Any rules defined on the VPN_x lan are ignored. The only rules that are followed are any defined on the OpenVPN tab/interface. It seems very odd - I must be missing something obvious but I've tried and tried, rebooted, restarted and rebooted.

    I would be very grateful for any help with this.

    Thanks,
    Mark


  • Rebel Alliance Developer Netgate

    The most likely cause in this scenario is that your per-interface rules are not being matched as you expect.

    If the VPNs are assigned with an IP type of "none" as they should be, make sure you are not using the macros for things like "VPN_1 subnet" and similar. With an IP type of "none" those are really blank/null. If you specify the actual subnets there, the traffic can be matched.