Block ip when openvpn goes down?
-
when openvpn goes down/disconnects, my computer suddenly connects to my real ip trough WAN, is it possible to block my computers ip from connecting to my WAN if the openvpn goes down? and connect when openvpn goes up again?
-
Yes, I got it like this
Make sure this is the highest rule in the list as the rules are being processed from top to bottom.
-
@Satras:
Yes, I got it like this
Make sure this is the highest rule in the list as the rules are being processed from top to bottom.
thanks, so when openvpn is connected, you have Connection to internet, and if openvpn goes down, your computer wont connect thru wan to internet?
i will try this later, thank you
-
sorry, but it didnt work, cant understand why.
-
The screenshot of the rule posted above is most certainly not doing what it is intended to do.
This rules blocks traffic from the LAN subnet to the imediate subnet on the WAN (not the internet).I suppose the OP want's to only allow the LAN to the internet as long as the OpenVPN tunnel is up.
As soon as the OpenVPN tunnel goes down, no internet access should be possible anymore?I suppose this thread provides the solution for you http://forum.pfsense.org/index.php/topic,65331.msg354989.html#msg354989
Especially this post: http://forum.pfsense.org/index.php?action=profile;u=233440 -
thanks alot, its finally working, i did it like this: http://forum.pfsense.org/index.php?action=dlattach;topic=65331.0;attach=34913;image
i just can say ,thank you all.
-
@tjabas
can you link the proper Image ? can't see it properly@GruensFroeschli
I guess you are right, I should have mentioned that I setup a GW for my VPN connections and made sure all LAN traffic flowes trough the VPNGW only.
I've been toled already that the LAN to WAN rule is useless, but I got the case once where I was still going onto the Internet when den VPN got down. SInce I got this rule in place it never happend again.Things have however changed in 2.1 now
-
I can't access that image either, but the way that I did it was to add an advanced option to the rule that passes traffic through the interface - the advanced option specifies the gateway as being the VPN interface dynamic gateway.
