OpenVPN add firewall rule?

  • Hi All
    I'm trying to troubleshoot a current pfSense installation. There is a site-to-site OpenVPN connection from one office to the other over the internet.
    I'm noticing however that the webgui is accessible from anywhere and I don't think that is tight enough. What I want to know is
    when you create a site to site vpn connection from one office to the other, is there a firewall rule that is automatically created?

    I'm seeing a wan rule that passes all from anywhere to anywhere. If I disable this rule, will I kill the vpn connectivity?

    Hope my question was clear.

  • Rebel Alliance Developer Netgate

    The OpenVPN wizard for a remote access VPN offers an option to create a firewall rule, but others do not get any sort of automatic rules.

    Add a rule to the WAN that allows traffic to the IP:port/protocol used by the VPN and you'll be fine. (e.g. pass WAN udp * * WAN address 1194)

  • Ok thanks for that. I want to put a specific rule in per source IP also. I forgot to mention however that the install is an old version, 1.2.2.

    My plan is also to upgrade to the latest but I want to at least care for this until that can be done.

    Thanks again.

  • You should really, really update first... 1.2.2 = hitting rocks together to get fire, when compared to the new releases.
    Also, you won't find "anyone" that will be able to help you, because there are almost no installs left with that version to test stuff on.

    - Try importing your current config into a virtual machine; see if you can get it to import cleanly.
    - If the VM seems to work, make a good backup of your current system (if you have a spare hard drive, use a new drive and remove the old one... you can always plug it back in if it somehow doesn't work out).
    - Get what you currently have running to a current build (2.1.4-release).

  • Ok will do. thanks for that.
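
Added example, not part of the thread: a Python check that lists enabled WAN pass rules in a pfSense configuration export that are broader than a single service, such as the any-to-any rule described in the question. The XML element names assume the `<filter><rule>` layout of pfSense's `config.xml`; the sample configuration, its descriptions and its addresses are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names assume pfSense's config.xml <filter><rule> layout.
SAMPLE_CONFIG = """
<pfsense><filter>
  <rule><type>pass</type><interface>wan</interface>
    <source><any/></source><destination><any/></destination>
    <descr>allow all</descr></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>udp</protocol>
    <source><address>198.51.100.10</address></source>
    <destination><network>wanip</network><port>1194</port></destination>
    <descr>OpenVPN from remote office</descr></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <disabled/>
    <source><any/></source><destination><any/></destination>
    <descr>old test rule</descr></rule>
  <rule><type>pass</type><interface>lan</interface>
    <source><network>lan</network></source><destination><any/></destination>
    <descr>Default LAN to any</descr></rule>
</filter></pfsense>
"""

def is_any(rule, side):
    """True when the rule's source/destination is missing or marked <any/>."""
    node = rule.find(side)
    return node is None or node.find("any") is not None

def audit_wan_rules(config_xml):
    """List enabled WAN pass rules that are broader than a single service."""
    findings = []
    for rule in ET.fromstring(config_xml.strip()).iterfind("./filter/rule"):
        if rule.findtext("interface") != "wan" or rule.findtext("type") != "pass":
            continue
        if rule.find("disabled") is not None:
            continue  # disabled rules are not loaded into the ruleset
        issues = []
        if is_any(rule, "destination"):
            issues.append("destination is any")
        if rule.findtext("destination/port") is None:
            issues.append("no destination port")
        if is_any(rule, "source"):
            issues.append("source is any")
        # A rule pinned to one destination port is accepted even with any source.
        if "destination is any" in issues or "no destination port" in issues:
            findings.append((rule.findtext("descr", ""), issues))
    return findings

if __name__ == "__main__":
    for descr, issues in audit_wan_rules(SAMPLE_CONFIG):
        print(f"WAN rule '{descr}': {', '.join(issues)}")
```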
