OpenVPN Net-to-Net firewall rule (Outgoing Firewall Access)

I have finally set up an OpenVPN Net-to-Net connection named [N2N-TEST] with 2 IPFire boxes:

  • Site A-Green: / Masquerading: ORANGE & GREEN => OFF
  • Site B-Green: / Masquerading: GREEN => OFF

I had to create the following firewall rule on Site-A so that the PCs can connect to the Site-B GREEN network:

Site-A (ipfire):

  • Source → Firewall: All
  • NAT: Source NAT → New source IP address: Green (
  • Destination → OpenVPN Net-to-Net: [N2N-TEST]
  • Protocol: All.

This rule is then listed in the “Outgoing Firewall Access” in the Firewall Rules list…

So with this rule Site-A can access Site-B GREEN network.

My question is:
This rule works for me, but I’m not sure if this is the correct way, since I thought that it shouldn’t be necessary to create any rule for OpenVPN anyway.
Or is this rule only necessary if MASQUERADING for GREEN and ORANGE on Site-A is turned off?

Any help is greatly appreciated!