Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
[Solved] OpenVPN firewall rules
« previous
next »
Print
Pages: [
1
]
Author
Topic: [Solved] OpenVPN firewall rules (Read 3834 times)
Gauss23
Hero Member
Posts: 766
Karma: 39
[Solved] OpenVPN firewall rules
«
on:
October 03, 2020, 12:27:54 pm »
Hi,
I noticed a strange problem with OpenVPN servers on OPNsense when assigning interfaces to those OpenVPN servers.
There is already a german thread
https://forum.opnsense.org/index.php?topic=9150.msg88343#msg88343
When creating an OpenVPN server and assign that server to an interface you´ll get those new interfaces in the Firewall section. I thought it might look better if you separate the rules by interface. Unfortunately rules created there don´t bring the effect you´d expect. The rules are evaluated by traffic flowing through this interface. In the firewall logs you can see that the packets come in from the correct interface and the packets may pass.
But the packets are not leaving the OPNsense anymore. Doesn´t matter if the packets need to be routed or are addressed to services on the OPNsense.
When you move or even clone the same rule to the OpenVPN firewall section packets are flowing like they should.
Something is weird with handling traffic through those assigned interfaces.
Did a packet capture but don´t see any problems here. You see the packets coming in, but not leaving the box.
«
Last Edit: October 05, 2020, 08:29:31 pm by Gauss23
»
Logged
„The S in IoT stands for Security!“
insecure
Newbie
Posts: 8
Karma: 0
Re: OpenVPN firewall rules
«
Reply #1 on:
October 04, 2020, 01:38:58 pm »
I can confirm this behavior. Should we open a ticket on github?
Best reguards,
Marc
Logged
Gauss23
Hero Member
Posts: 766
Karma: 39
Re: OpenVPN firewall rules
«
Reply #2 on:
October 05, 2020, 07:57:16 am »
Issue created:
https://github.com/opnsense/core/issues/4395
Logged
„The S in IoT stands for Security!“
Fright
Hero Member
Posts: 1777
Karma: 164
Re: OpenVPN firewall rules
«
Reply #3 on:
October 05, 2020, 08:36:42 am »
can you please add screenshots?
it is a little unclear on which interface it works and on which not
Logged
Gauss23
Hero Member
Posts: 766
Karma: 39
Re: OpenVPN firewall rules
«
Reply #4 on:
October 05, 2020, 09:33:08 am »
Ok, added some screenshots to the issue at Github
Logged
„The S in IoT stands for Security!“
insecure
Newbie
Posts: 8
Karma: 0
Re: OpenVPN firewall rules
«
Reply #5 on:
October 05, 2020, 10:06:20 am »
Thank you for opening the ticket!
Logged
Fright
Hero Member
Posts: 1777
Karma: 164
Re: OpenVPN firewall rules
«
Reply #6 on:
October 05, 2020, 07:47:28 pm »
tested some rule modification. works for me:
https://github.com/opnsense/core/issues/4395#issuecomment-703783952
Logged
Gauss23
Hero Member
Posts: 766
Karma: 39
Re: OpenVPN firewall rules
«
Reply #7 on:
October 05, 2020, 08:03:36 pm »
Yes, problem is solved by setting "disable reply-to" for all rules on the interface specific section.
Logged
„The S in IoT stands for Security!“
Fright
Hero Member
Posts: 1777
Karma: 164
Re: OpenVPN firewall rules
«
Reply #8 on:
October 05, 2020, 08:14:08 pm »
glad it works )
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
[Solved] OpenVPN firewall rules