While not strictly necessary, it is possible to assign individual interfaces for OpenVPN servers and clients alike. However, doing so may yield unexpected behaviour of firewall rules. Most notably, rules created on an assigned interface of an OpenVPN Roadwarrior server are created with the reply-to directive by default, which breaks client connectivity.
In cases as described above, it can be observed that incoming traffic matches and passes the corresponding firewall rule, but reply traffic is never sent back to the connected client. This can be verified via the Web GUI by going toand optionally by performing a packet capture on the affected interface.
There are multiple ways to fix this problem. For most setups, it will be sufficient to disable the automatically created IPv4 and
IPv6 Gateways under
reply-to directive to rules created on the interface, and client connectivity will be restored.
Another option is to manually select the option “Disable Reply-To” on each firewall rule you generate on the assigned interface. See Rules for further details.
The third option is to globally disable the generation of reply-to completely as described in (Advanced) Settings. However, this method can break Multi-WAN setups.
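To confirm whether pass rules on an assigned OpenVPN interface still carry reply-to, before and after applying one of the fixes above, the ruleset text can be scanned. The following is an added example, not part of the original documentation. It assumes OpenVPN devices are named ovpns<N> or ovpnc<N> and that rules are in standard pf syntax; the sample rules, addresses and labels are constructed.

```shell
#!/bin/sh
# Added example (not from the original documentation).
# Reads pf rules on stdin and prints "<interface> <count>" for every OpenVPN
# interface that has pass rules carrying a reply-to directive.
# Assumption: OpenVPN devices are named ovpns<N> (server) or ovpnc<N> (client).
replyto_rules() {
    awk '
    /^[[:space:]]*#/ { next }            # skip comment lines
    {
        gsub(/[()]/, " ")                # "(if gw)" and "( if gw )" split alike
        if ($1 != "pass") next           # only pass rules are of interest
        iface = ""; rt = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "on" && iface == "") iface = $(i + 1)
            if ($i == "reply-to") rt = 1
        }
        if (rt && iface ~ /^ovpn[sc][0-9]+$/) count[iface]++
    }
    END { for (k in count) print k, count[k] }' | sort
}

# Constructed sample ruleset: ovpns1 still has reply-to on two pass rules,
# ovpns2 does not, and igb0 (a WAN interface) keeps reply-to.
sample_rules() {
    cat <<'EOF'
pass in quick on ovpns1 reply-to (ovpns1 10.8.0.2) inet from any to any flags S/SA keep state label "constructed-1"
pass in quick on ovpns1 reply-to (ovpns1 10.8.0.2) inet proto tcp from any to any port = 443 flags S/SA keep state label "constructed-2"
pass in quick on ovpns2 inet from any to any flags S/SA keep state label "constructed-3"
pass in quick on igb0 reply-to (igb0 203.0.113.1) inet from any to any flags S/SA keep state label "constructed-4"
block in quick on ovpns1 inet from any to any label "constructed-5"
EOF
}

# Run against the constructed sample; on a live firewall, feed the loaded
# ruleset instead:  pfctl -sr | replyto_rules
sample_rules | replyto_rules
```

An empty result means no pass rule on an OpenVPN interface carries reply-to any more; reply-to on WAN interfaces is deliberately not reported.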