OpenVPN Client Access To WAN Port
-
Hello,
I am trying to figure out a setup where an OpenVPN client can access a specific server on the LAN while allowing same client access to the WAN port to pass general traffic through our pfSense firewall.
My firewall rule(s) either allow access to both WAN and all LAN by specifying "all" for destination or access just to our target local server. If I write a rule to limit access to one server on the LAN, an earlier rule written for "WAN net" destination access does not allow general traffic to the OVPN client.
Can I reach my goal (this way)? Thanks!
-
@urbnsr said in OpenVPN Access To WAN Port:
WAN port to pass general traffic through our pfSense firewall.
WAN net would just be that WAN network. If you're, say, wanting to let your clients route through pfSense to get to 8.8.8.8, for example, WAN net wouldn't do that. You would have to set up your rules to allow the internet, which is really an any rule. You can place block rules before the any rule to keep them from going where you don't want them to go.
-
@johnpoz Thanks for your reply.
This seems to work in limited testing. What about:
-
@urbnsr Yeah, that can work, but I'm not a fan of ! rules. I would do a specific block to LAN net before you allow an any rule if I was doing it.
-
@johnpoz Maybe like this (Only way I could make my goal work):
-
@urbnsr Yeah, if you're going to block LAN directly, then you no longer need the ! rule; it can just be any for destination, because you're explicitly blocking access to LAN.
-
@johnpoz Oh, yeah. !! Thanks.
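
The rule orderings discussed in this thread, shown with a small first-match evaluator in Python. This is an added example, not code or configuration from any of the posters. The subnets, the server address and the three rule lists are constructed assumptions that model the approaches described (a "WAN net" destination, a "! LAN net" pass rule, and a LAN block placed before a pass-any rule).

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the thread).
WAN_NET = ipaddress.ip_network("203.0.113.0/24")   # the subnet on the WAN interface
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
SERVER = ipaddress.ip_network("192.168.1.10/32")   # the one LAN server clients may reach
ANY = ipaddress.ip_network("0.0.0.0/0")


def evaluate(rules, dst):
    """Walk the rules top to bottom; the first match decides.

    Each rule is (action, destination network, invert match).
    Traffic that matches no rule is dropped by the default deny.
    """
    addr = ipaddress.ip_address(dst)
    for action, net, invert in rules:
        if (addr in net) != invert:
            return action
    return "block"


# Rule lists for the OpenVPN tab, in top-to-bottom order.
WAN_NET_ONLY = [("pass", SERVER, False), ("pass", WAN_NET, False)]
NOT_LAN = [("pass", SERVER, False), ("pass", LAN_NET, True)]
BLOCK_THEN_ANY = [("pass", SERVER, False),
                  ("block", LAN_NET, False),
                  ("pass", ANY, False)]

TARGETS = {"server": "192.168.1.10",
           "other_lan_host": "192.168.1.20",
           "internet": "8.8.8.8"}


def report():
    """Return the decision for every target under every rule list."""
    rulesets = {"wan_net_only": WAN_NET_ONLY,
                "not_lan": NOT_LAN,
                "block_then_any": BLOCK_THEN_ANY}
    return {name: {label: evaluate(rules, ip) for label, ip in TARGETS.items()}
            for name, rules in rulesets.items()}


if __name__ == "__main__":
    for name, decisions in report().items():
        print(f"{name:15} {decisions}")
```

With a "WAN net" destination, 8.8.8.8 matches nothing and is dropped; the other two rule lists give the same decisions for these targets, with the explicit block making the LAN restriction visible as its own rule.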