Phantom OpenVPN interface created under rules

Started by sammy, January 08, 2025, 04:08:03 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 08, 2025, 04:08:03 AM
A phantom interface named "OpenVPN" is automatically created under rules immediately after setting up an OpenVPN server. However, no traffic appears to pass through this interface. Adding the actual OpenVPN interface results in the creation of another interface under rules.
January 08, 2025, 08:10:02 AM #1
This interface is for incoming OpenVPN connections and needs a pass rule to allow incoming traffic.  ;)


Cheers,
Franco
January 08, 2025, 04:04:27 PM #2
Franco,

That's what I initially thought as well. However, the allow rule on the interface doesn't permit any traffic. You need to go under "Interfaces" and assign the newly created VPN. This will add another interface under rules, which can then allow traffic to pass.
January 08, 2025, 04:12:16 PM #3
January 08, 2025, 04:33:36 PM #4
This documentation is accurate, but only after you complete the interface assignment under "Interfaces." The phantom interface is created under Firewall-Rules automatically; however, it does not allow any traffic to pass.
January 08, 2025, 05:05:43 PM #5
Isn't that just the default group used for the VPN type in case you dont have any interfaces attached? It should be used in such cases where you do not have any interfaces, basically a default FW group that applies across multiple instances.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
January 08, 2025, 05:15:34 PM #6 Last Edit: January 08, 2025, 05:48:46 PM by Patrick M. Hausen
Quote from: Seimus on January 08, 2025, 05:05:43 PMIsn't that just the default group used for the VPN type in case you dont have any interfaces attached?
IMHO it is. And in 24.10 it is working perfectly fine to apply firewall rules to if you did not assign any individual OpenVPN interfaces. Here with my HA cluster at least.

Since this is the 25.1 subforum, there might of course be a regression, though.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
January 08, 2025, 05:47:00 PM #7
Alright, that makes sense, and now everything seems to be working just fine. Thank you all for the guidance! Initially, I added an allow rule, but no traffic was passing. Now it's working, so I must have done something wrong earlier. I recently switched from pfSense to OPNsense, and it's been quite an interesting journey.
January 08, 2025, 07:59:32 PM #8
Quote from: Patrick M. Hausen on January 08, 2025, 05:15:34 PM
Quote from: Seimus on January 08, 2025, 05:05:43 PMIsn't that just the default group used for the VPN type in case you dont have any interfaces attached?
IMHO it is. And in 24.10 it is working perfectly fine to apply firewall rules to if you did not assign any individual OpenVPN interfaces. Here with my HA cluster at least.

Since this is the 25.1 subforum, there might of course be a regression, though.

Exactly what I thought but I didn't test these on the BETA.

Quote from: sammy on January 08, 2025, 05:47:00 PMAlright, that makes sense, and now everything seems to be working just fine. Thank you all for the guidance! Initially, I added an allow rule, but no traffic was passing. Now it's working, so I must have done something wrong earlier. I recently switched from pfSense to OPNsense, and it's been quite an interesting journey.

Glad to hear its working. These default FW groups are created for all VPN types, IPSEC, OpenVPN & Wireguard.

Sometimes odd issues are just a causality of a logical mistake.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
Print
Go Up Pages1
User actions