Bug #2684
Closed
OpenVPN interfaces cannot be set as usable gateways
Description
I am trying to set a pfSense OpenVPN client instance as a gateway that LAN clients can use. I created a pfSense interface and assigned the OpenVPN instance (ovpnc2) to it (setting the IPv4/6 addresses to none). The gateway works and the other side is reachable, however it does not show up as a gateway option in the advanced firewall rules. This is because the "Gateway" still says dynamic since the OpenVPN instance is the one negotiating the IP address. (see pfSense dynamic gateway 1.PNG)
When I set the pfSense interface as DHCP, the correct gateway IP shows up in the gateway list instead of "dynamic", and the gateway can then be selected in the firewall rules, but the other side is no longer reachable and the tunnel no longer works. The OpenVPN tunnel instance stays up. (see pfSense dynamic gateway 2.PNG)
I am using the current (Nov 17) 2.1 snapshot. The issue is also the same on the Nov 12 snapshot.
Updated by Chris Buechler over 11 years ago
- Status changed from New to Rejected
Assigned OpenVPN interfaces, when correctly set as type "none", are automatically filled in correctly on every version including the latest snapshot. Setting them to anything other than "none" is not correct.
Updated by Anonymous over 11 years ago
I am aware of that. The issue is when the pfSense interface IP is set to "none", the gateway doesn't pop up in the firewall rules list, because the gateway IP is simply listed as "dynamic" under the gateway column on the "Status: Gateways" page, instead of listing an IP address. The bug is that pfSense is not filling out the gateways column with a valid IP address using OpenVPN. When the pfSense interface IP is set to "none", I can see it getting a valid IP and GW on the Status: Interfaces page, just not on "Status: Gateways".
When the pfSense interface IP is set to "DHCP or Static", an IP shows up in the gateway column, and the gateway can then be selected in the firewall rules, even though it won't work because the OpenVPN instance is not the one getting the IP address.