Revision 98872d89

Added by Ermal Luçi over 17 years ago

  • Create tun interfaces for openvpn explicitly.
    The only downside for now is that we can leak tun devices when tunnels are deleted.
    The proper fix can be by using a devd script on the down interface event or by using the on down script called by openvpn itself.
  • Rename those to openvpnX names and add them to the openvpn group (to not rely on groups created by FreeBSD automatically).
  • Use group openvpn on filtering for all OpenVPN tunnels.
  • Remove redundant creation of rules for allowing traffic outside of the pfSense itself since pf allows this with a rule without interface specified.

NOTE: left in place are the TAP interface rules, which I do not know if they can be configured for openvpn as of now.
There is even a check for tun/openvpn and tap interfaces if they are being used as WAN interfaces to create explicit pass in rules, which are questionable if they are needed since there are outgoing rules with keep state active which should compensate for this.
For now leave those untouched.
