[SOLVED] OpenVPN : can't get internet to the clients (firewall rules issue)
-
Hello everyone!
First of all, thanks to anyone reading this post. I'm pretty sure my problem is about a firewall rule, but I may be wrong.So, I have a OpenVPN server on my main pfSense. I whish that my connected clients get internet access, but not access to the whole local network for security reasons. So I configured NAT and OpenVPN firewall rules as the pictures included in this post. (I tried destination WAN NET and WAN ADDRESS with no luck).
What I've discovered is that if I put * as destination for the firewall rule, I now get internet access, but also full access to the local network which is not wanted.
Example of what I see from the firewall log:
Apr 8 12:51:46 ovpns1 Default deny rule IPv4 (1000000103) 192.168.99.2:57908 54.190.179.118:443 TCP:RAOpenVPN subnet : 192.168.99.0/24
Redirect gateway is enabled for the VPN Server.Thanks!
-
Destination WAN net is not the internet. Destination any is the internet.
If your WAN interface is 198.51.100.18/29, then WAN net = 198.51.100.16/29 - those are the only destinations that will be passed by that rule. I'm sure you can see how that is NOT the whole internet.
-
Oh. So then, if I make it destination "any", I have to make rules to block each individual VLANs right ?
Thanks!
-
Pass the specific local assets you want them to access
Block the less-specific local assets you do not want them to access (This can often be an RFC1918 alias or similar - Do not neglect This firewall as well)
Pass everything else (the internet) -
Thank you very much for the solution!
I made an alias for localdomain so it makes things easier and cleaner in the rules. Thanks again!