Allowing traffic over OpenVPN Tunnels

By default, all traffic is blocked from entering OpenVPN tunnels. To allow traffic from remote OpenVPN nodes to make connections to resources on the local side, firewall rules are required under Firewall > Rules, on the OpenVPN tab.

As with other aspects of the firewall, these rules only match traffic coming into the system from the remote side, not traffic leaving from the server side, so craft the rules accordingly. When pfSense is used on both ends and traffic must pass between the local networks on both sides, rules are required on both firewalls.

Add an OpenVPN rule which passes all traffic as follows:

  • Navigate to Firewall > Rules, OpenVPN tab
  • Click the add button (fa-level-up icon) to create a new rule at the top of the list
  • Set Protocol to any
  • Enter a Description such as Allow all on OpenVPN
  • Click Save
  • Click Apply changes

To limit the traffic to only specific sources and destinations, adjust the rule(s) as needed. A strict ruleset is more secure, but more difficult to create.
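
To find allow-all rules left on the OpenVPN tab after a ruleset has been tightened, a configuration backup can be audited offline. The script below is an added example, not part of the pfSense documentation; the element names (`filter/rule`, `interface`, `type`, `protocol`, `source`, `destination`, `any`, `disabled`, `descr`) are an assumption about the layout of a `config.xml` backup, and the sample rules and addresses are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the assumed layout of a pfSense config.xml backup.
SAMPLE_CONFIG = """<pfsense>
  <filter>
    <rule>
      <type>pass</type>
      <interface>openvpn</interface>
      <source><any/></source>
      <destination><any/></destination>
      <descr>Allow all on OpenVPN</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>openvpn</interface>
      <protocol>tcp</protocol>
      <source><address>10.8.0.0/24</address></source>
      <destination><address>192.168.1.10</address><port>443</port></destination>
      <descr>VPN clients to intranet HTTPS</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>lan</interface>
      <source><any/></source>
      <destination><any/></destination>
      <descr>Default allow LAN to any</descr>
    </rule>
  </filter>
</pfsense>"""


def is_any(endpoint):
    """True when a <source>/<destination> element contains <any/>."""
    return endpoint is not None and endpoint.find("any") is not None


def broad_openvpn_rules(config_xml):
    """Describe enabled OpenVPN pass rules with any protocol, source and destination."""
    findings = []
    for rule in ET.fromstring(config_xml).iterfind("./filter/rule"):
        # Assumption: rules from the OpenVPN tab carry interface "openvpn".
        on_openvpn = "openvpn" in (rule.findtext("interface") or "").split(",")
        if not on_openvpn or rule.findtext("type") != "pass":
            continue
        if rule.find("disabled") is not None:
            continue  # a disabled rule passes no traffic
        # Assumption: a rule with Protocol set to any has no <protocol> element.
        if rule.find("protocol") is None and is_any(rule.find("source")) and is_any(rule.find("destination")):
            findings.append(rule.findtext("descr") or "(no description)")
    return findings
```

Calling `broad_openvpn_rules()` on the text of a backup returns the descriptions of the rules to review; the restricted rule and the LAN rule in the sample are not reported.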