VPN: IPsec: Connections [new] not creating automatic firewall rules for phase 1

Started by Monviech (Cedrik), July 24, 2023, 12:17:11 PM

Hello,

When using the old "VPN: IPsec: Tunnel Settings", each phase 1 had firewall rules created automatically in "Firewall: Rules: Interface", allowing the remote and local IPsec peers to communicate with each other.

I want to know if VPN: IPsec: Connections [new] not creating these automatic firewall rules is a design choice, or if it should happen and it just doesn't work for me.

I defaulted to recreating the IPsec rules manually and using an alias group in them for all remote IPsec peers.
Hardware:
DEC740

I think that's a feature as people tend to complain about automatic rules.


Cheers,
Franco

Thanks for the answer.

I personally don't mind it either way. It just might surprise some people who migrate their tunnels from the old into the new GUI.
Hardware:
DEC740

FWIW, it's documented here: https://docs.opnsense.org/manual/vpnet.html#firewall-rules

"The new connections feature does not offer this and (WAN) rules have to be specified manually in order to connect to IPsec on this host."


Cheers,
Franco


No problem. We tried to make sure this is mostly covered in the docs also for the upcoming OpenVPN instances GUI.  :)


Cheers,
Franco