OPNsense Forum » Archive » 18.7 Legacy Series » OpenVPN Firewall rules evaluation order
Topic: OpenVPN Firewall rules evaluation order (Read 2673 times)
drivera (Jr. Member, Posts: 80, Karma: 0)
OpenVPN Firewall rules evaluation order
« on: November 03, 2018, 11:18:49 pm »
Hi, all!
For my setup, I have several OpenVPN links going to-and-fro. I managed to get everything working in a pretty clean manner, but have found one inconsistency that I thought could bear some discussion.
Out of preference, and because the tunnels I have are pretty much constantly up, I decided to assign a static interface to each of the tunnels so their access rules would be easier to manage. That worked as expected, minus a speed bump when I realized that the OpenVPN tunnels had to be bounced after all the configuration was done. Minor setback, but easily resolved. Moving on...
What I discovered is that the rules for "OpenVPN" are evaluated *before* the rules for each of the individual tunnels. Intuitively, I would have thought that the most specific rule groups are always evaluated first, but this doesn't appear to be the case here.
Is this by design? Is this a defect that needs correcting?
I discovered this when I added what I hoped to be a "catch-all" REJECT rule, for easier debugging, and found that it was the cause of the traffic not flowing. As soon as the rule was disabled (later removed), everything worked as it should.
So... thoughts?
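The shadowing the post describes, as an added example that is not from the post or from OPNsense itself: a small model of the rule evaluation order (the "OpenVPN" group tab before the assigned tunnel interface's own tab, first match wins as with the default "quick" setting, implicit default deny at the end). The interface name OVPN_SITE_A, the addresses and the rule labels are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    tab: str      # "OpenVPN" group tab or an assigned tunnel interface (constructed name)
    action: str   # "pass" or "reject"
    src: str      # "any" or a CIDR prefix the source address must fall in
    label: str    # rule description, returned so the caller can see which rule fired


def matches(rule: Rule, src_ip: str) -> bool:
    """True if the rule's source filter applies to src_ip."""
    return rule.src == "any" or ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)


def evaluate(rules: list, iface: str, src_ip: str) -> tuple:
    """Return (action, label) for a packet arriving on `iface` from `src_ip`.

    Modelled order, as observed in the post: rules on the "OpenVPN" group tab are
    walked first, then the rules on the interface's own tab, each in listed order.
    The first matching rule decides (quick semantics); with no match the packet
    falls through to the implicit default deny.
    """
    for tab in ("OpenVPN", iface):
        for rule in rules:
            if rule.tab == tab and matches(rule, src_ip):
                return rule.action, rule.label
    return "reject", "implicit default deny"


# Constructed scenario: one tunnel assigned as OVPN_SITE_A with a specific allow rule.
SITE_A_ALLOW = Rule("OVPN_SITE_A", "pass", "10.8.1.0/24", "allow site A LAN")
CATCH_ALL_GROUP = Rule("OpenVPN", "reject", "any", "debug catch-all")
CATCH_ALL_IFACE = Rule("OVPN_SITE_A", "reject", "any", "debug catch-all")


def with_group_catch_all() -> tuple:
    """The post's setup: the catch-all REJECT sits on the OpenVPN group tab and wins first."""
    return evaluate([CATCH_ALL_GROUP, SITE_A_ALLOW], "OVPN_SITE_A", "10.8.1.25")


def with_interface_catch_all() -> tuple:
    """Same catch-all moved to the tunnel's own tab, listed below the specific allow."""
    return evaluate([SITE_A_ALLOW, CATCH_ALL_IFACE], "OVPN_SITE_A", "10.8.1.25")


def unknown_source() -> tuple:
    """A source outside the allowed prefix still hits the catch-all on the interface tab."""
    return evaluate([SITE_A_ALLOW, CATCH_ALL_IFACE], "OVPN_SITE_A", "192.0.2.7")
```

Walking the model shows why the group-level reject blocked everything: it is matched before any per-tunnel allow is even considered, whereas the same debugging rule placed last on the tunnel's own tab only catches traffic the specific rules did not pass.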