Netgate Discussion Forum

    OpenVPN wizard WAN rule allows outside access to the administrative WebGUI

    • chitchat

      Hi,

      pfSense noob here. My WebGUI is exposed to the internet.

      The only pass rule for WAN is one created by the OpenVPN wizard. When this rule is active, the outside world sees the WebGUI! I confirmed that when the rule is inactive access to the WebGUI ceases.

      Is this supposed to work this way? This seems like it can't be right...

      If this is expected behavior, how do I disable access to the WebGUI with OpenVPN active?

      Appreciate any insight!

      • patient0 @chitchat

        @chitchat said in OpenVPN wizard WAN rule allows outside access to the administrative WebGUI:

        The only pass rule for WAN is one created by the OpenVPN wizard

        The pfSense+ OpenVPN Wizard created this rule, or what wizard? That's more a "let's get hacked" rule.

        The "OpenVPN OVPN WAN Remote Access for Cos wizard" rule allows access from any outside IP, any protocol to the pfSense+ address.

        What you want is to follow Netgate docs: OpenVPN Firewall Rules.

        Basically: change protocol to UDP, destination port 1194 (if the OpenVPN port is left as standard).

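A check for the condition described in the reply above, as an added example that is not part of the thread or Netgate's own tooling: it flags enabled WAN pass rules that are not limited to a protocol and destination port. The config.xml layout (`<filter><rule>` with `<protocol>`, `<destination><port>`, `<disabled>`) is an assumption of this example, and the sample rules are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, laid out the way this example assumes pfSense stores
# firewall rules in config.xml (<filter><rule>...); not taken from the thread.
SAMPLE_CONFIG = """<pfsense><filter>
  <rule>
    <type>pass</type><interface>wan</interface>
    <source><any/></source>
    <destination><network>wanip</network></destination>
    <descr>wizard rule as described in the thread (constructed)</descr>
  </rule>
  <rule>
    <type>pass</type><interface>wan</interface><protocol>udp</protocol>
    <source><any/></source>
    <destination><network>wanip</network><port>1194</port></destination>
    <descr>corrected rule (constructed)</descr>
  </rule>
  <rule>
    <type>pass</type><interface>lan</interface>
    <source><network>lan</network></source>
    <destination><any/></destination>
    <descr>default LAN rule (constructed)</descr>
  </rule>
</filter></pfsense>"""

PORT_PROTOCOLS = {"tcp", "udp", "tcp/udp"}


def audit_wan_rules(config_xml):
    """Return (description, problems) for each enabled WAN pass rule that is
    not limited to a protocol and, for TCP/UDP, a destination port."""
    findings = []
    for rule in ET.fromstring(config_xml).iterfind("./filter/rule"):
        if rule.findtext("type", "pass") != "pass":
            continue  # block/reject rules do not open anything
        if rule.findtext("interface") != "wan" or rule.find("disabled") is not None:
            continue  # other interfaces and disabled rules are out of scope
        problems = []
        proto = rule.findtext("protocol")
        if not proto:  # assumed: a missing <protocol> element means "any"
            problems.append("protocol any")
        elif proto in PORT_PROTOCOLS and not rule.findtext("destination/port"):
            problems.append("no destination port")
        if problems:
            findings.append((rule.findtext("descr", "(no description)"), problems))
    return findings


if __name__ == "__main__":
    for descr, problems in audit_wan_rules(SAMPLE_CONFIG):
        print(f"WAN pass rule too broad: {descr}: {', '.join(problems)}")
```

Run it against a backup copy of the configuration rather than the live file; an empty result means every enabled WAN pass rule names a protocol and, for TCP/UDP, a port.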
        • chitchat @patient0

          @patient0 Thanks much, I'll check it out!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.