Feature #7640
closedSeparate interfaces for different OpenVPN tunnels
0%
Description
I think you should consider separating different OpenVPN tunnels as different interfaces in firewall_rules.php.
Right now, as a workaround to assign rules to a specific OpenVPN tunnel, proper source or destination have to be defined in the rules. However it would be much more clear to consider each OpenVPN tunnel as a separate interface (like it already happens on the OS side) because often each VPN tunnel requires its own policy.
I understand this would be more difficult for IPsec Phase 2s as encryption is handled in the kernel and all the packets pop out from enc0, but it would be nice if the same was done for IPsec as well.
Updated by Jim Pingle over 7 years ago
- Status changed from New to Rejected
You can do this now by assigning the openvpn interfaces so you get a tab for each one individually, which is as close as this will get. Post on the forum/list/reddit/etc if you need help or can't find the docs for it.
Updated by Riccardo Paolo Bestetti over 7 years ago
Doing that resulted in all OpenVPN packets for the particular tunnel being dropped, so I assumed it was flawed or an unintended feature.
Updated by Jim Pingle over 7 years ago
Then the configuration procedure was performed incorrectly, follow up on the forum/list/reddit/etc for configuration help.