pfSense

Viktor Gurov wrote:

I think is better to have one vpn.attributes.php for both OpenVPN and IPsec

That should be its own PR. I'm not opposed to that, but there are differences in how they operate which must be maintained.

PR has been merged. Thanks!

The confirm this fix and set to "Resolved" if appropriate

works as expected on pfSense 2.5.0.a.20201006.1250

Example:

pfctl -a openvpn/ovpns1_raduser1_16748 -sr:

pass in quick on ovpns1 inet proto udp from 3.3.3.3 to 7.7.7.7 port < 566 no state
pass in quick on ovpns1 inet proto udp from 3.3.3.3 to 7.7.7.7 port != 899 no state
pass in quick on ovpns1 inet6 proto udp from 2001:db8::3333 to 2001:db8::7777 port < 566 no state
pass in quick on ovpns1 inet6 proto udp from 2001:db8::3333 to 2001:db8::7777 port != 899 no state
pass in quick on ovpns1 inet proto icmp from 2.2.2.2 to 5.5.5.5 no state
pass out quick on ovpns1 inet proto udp from 4.4.4.4 to 7.7.7.7 port 3109 >< 5001 no state
pass out quick on ovpns1 inet proto tcp from any to 7.7.7.7 port > 333 no state
block drop in quick on ovpns1 inet6 proto ipv6-icmp from 2001:db8:1234::/64 to 2001:db8:9999::/56
pass out quick on ovpns1 inet6 proto udp from 2001:db8::4444 to 2001:db8::7777 port 3109 >< 5001 no state
pass out quick on ovpns1 inet6 proto tcp from any to 2001:db8::7777 port > 333 no state