Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
OpenVPN: OpenVPNServer Interface - usefull?
« previous
next »
Print
Pages: [
1
]
Author
Topic: OpenVPN: OpenVPNServer Interface - usefull? (Read 3055 times)
flushell
Newbie
Posts: 43
Karma: 3
OpenVPN: OpenVPNServer Interface - usefull?
«
on:
September 28, 2018, 04:08:00 pm »
I have a working OpenVPN server on my up-to date OPNsense (18.7.4) box.
In the Firewall-Rules tab there are 2 instances related to this server:
1 OpenVPN
2 OpenVPNServer
1.
there is a rule here to pass traffic from the tunnel to my LAN
2.
is empty.
Furthermore:
2.
corresponds to a interface with the same name.
This interface get's the first IP of my tunnel network (I don't know how it knows that, because the settings in the interface are empty).
I can disable this interface - and the VPN still works!
If I, however, check "Block Private Networks" in the interface settings: I can connect to the VPN but I can not use internet (everything seems blocked) - So it
seems
to have some sort of function.
Questions bothering me:
- What is the function of the Firewall instance of OpenVPNServer?
- What is the function of the OpenVPNServer interface and why can I disable it without consequence?
- How does the OpenVPNServer interface gets it's IP?
Logged
mitra7
Newbie
Posts: 13
Karma: 0
Re: OpenVPN: OpenVPNServer Interface - usefull?
«
Reply #1 on:
September 28, 2018, 05:15:48 pm »
OpenVPN Interface on the Firewall Section is usefull in some scenarios.
Imagine you don't want the remote VPN server accessing to your PFSense/OPNSense, this only applies if you have services listening on all interfaces.
By blocking incoming connections you deny the server to reach for example your 80, 443 or 22 port, or even ICMP.
Usually I use the OpenVPN interface to NAT the remote VPN network to the rest of my network, it can be used also if you are working with a Site-To-Site VPN
OpenVPNServer interface gets ip because when the VPN starts it is creates an interface usually called tunX (tun0, tun1...) and it will assign the first ip address from the ip range you specify in the vpn config.
I hope this helps
«
Last Edit: September 28, 2018, 10:06:27 pm by mitra7
»
Logged
flushell
Newbie
Posts: 43
Karma: 3
Re: OpenVPN: OpenVPNServer Interface - usefull?
«
Reply #2 on:
September 28, 2018, 08:21:44 pm »
Not really, but thanks.
I get somehow the impression that the two sections in the Firewall Rules are linked after some fiddeling with the settings: If I copy the pass rule from 1 to 2 (OpenVPN to OpenVPNServer) all is working well.
Maybe OpenVPN is some sort a symlink or alias to OpenVPNServer?
Edit:
I found an
old topic
with the same question(s) as me. Especially the
third post
. It is not anwered though...
«
Last Edit: September 28, 2018, 11:26:52 pm by flushell
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
OpenVPN: OpenVPNServer Interface - usefull?