How does new firewall "role VPN" function?

I’m unsure about the “role VPN” firewall object. It seems to be something new, perhaps as a result of a recent update? I am trying to connect a road warrior client through red to the NS VPN server, and formerly was able to do this without any firewall rule just by having the VPN network service available on both green and red at 1194. Now, my attempt to connect my VPN client to NS fails – actually it just stalls without getting a response – so I’m wondering if I need to create a specific firewall rule that allows VPN through?


You’re right, the “role VPN” firewall object is a new thing, but it should not have any impact on VPNs.
The object can be used to create special firewall rules, but all current policies are unchanged.

No, you don’t need to do anything.

Can you post the output of the following commands?

config show openvpn
iptables -nvL | grep 1194

Also you can search for errors inside the following logs:

  • /var/log/openvpn/host-to-net-status.log
  • /var/log/firewall.log

I’ll take a look at those logs and post if I find a problem. I need to look back over my configuration settings to double-check my work. Thanks for your response.

I reinstalled my OpenVPN server and everything is working now. Thanks.


Hi Giacomo,

Can you advise about this firewall role, please?
It can’t be bound to an interface, so is this a kind of zone? Or is this just to restrict some VPN traffic?

Can you give some scenarios, please?


The VPN zone contains all IPsec and OpenVPN VPNs: all traffic coming from VPNs is considered as trusted.

You can, for example, decide that the blue zone can access the VPN zone.