IPSEC/OpenVPN disregards firewall rules
-
Hi all. I am missing something here. I'm not, shall we say, well versed with pfsense since I set something up and it just works. No need to fiddle.
I have a couple of ipsec tunnels to other sites and openvpn for laptops plus a raspberry on a gsm stick in my summer house. All working just fine.
I logged into my 'summer house' today and figuring it was unnecessary to give it full access to my network due to it having a known vulnerability in its USB modem that I can't fix, I decided to block all but mqtt into my network.
Here is what I seem to misunderstand and need help:
I can't block traffic from openvpn. My only rule in 'firewall/openvpn' is block all. Still I can ping remote. I blocked all from openvpn virtual network to lan, can still log in. I remember the first VPN I set up many years ago I did the opposite, could not get it to work because I missed the firewall/ipsec rule.
I also tried to block all my ipsec tunnels, but I can still get traffic through.
What am I misunderstanding?
pfsense 2.4.4-RELEASE-p3 (amd64)
Thanks in advance.
//Peter
-
The rules on OpenVPN block connections into your firewall, not out of it.
-
Oh, doh, right. When I ping the vpn client the traffic is allowed by my LAN rule and not subject to that ruleset, return traffic I assume is allowed because there is a state established. I see now that the remotes can not initiate traffic if I place rules in 'openvpn'. Thanks.
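
The behaviour worked out in this thread, as an added example that is not part of the original posts and is not pfSense code: a simplified model of per-interface, first-match, stateful filtering. The addresses, the MQTT broker host and the rule set are constructed assumptions; real state tracking is more detailed than this.

```python
# Simplified model (illustrative only): rules on an interface tab apply to
# packets ENTERING the firewall on that interface, first match wins, the
# default is deny, and a passed packet creates a state that lets the
# replies of that flow through without consulting any tab.
from collections import namedtuple

Packet = namedtuple("Packet", "iface src dst proto port")  # port = service port of the flow
Rule = namedtuple("Rule", "action proto dst port")         # None means "any"

# Constructed addresses and rules, not taken from the thread.
LAN_HOST, BROKER, VPN_CLIENT = "192.0.2.10", "192.0.2.20", "198.51.100.2"
RULES = {
    "LAN": [Rule("pass", None, None, None)],        # default "LAN to any" rule
    "OpenVPN": [Rule("pass", "tcp", BROKER, 1883),  # allow MQTT to the broker only
                Rule("block", None, None, None)],   # block everything else
}

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()

    def filter(self, pkt):
        """Return (verdict, reason) for a packet arriving on pkt.iface."""
        key = (frozenset((pkt.src, pkt.dst)), pkt.proto, pkt.port)
        if key in self.states:                      # reply of an already allowed flow
            return "pass", "state"
        for rule in self.rules.get(pkt.iface, []):
            fields = ((rule.proto, pkt.proto), (rule.dst, pkt.dst), (rule.port, pkt.port))
            if all(want is None or want == got for want, got in fields):
                if rule.action == "pass":
                    self.states.add(key)            # both directions now match the state
                return rule.action, f"{pkt.iface} rule"
        return "block", "default deny"

def demo(rules=RULES):
    fw = Firewall(rules)
    return [
        fw.filter(Packet("OpenVPN", VPN_CLIENT, LAN_HOST, "tcp", 22)),     # remote initiates SSH
        fw.filter(Packet("LAN", LAN_HOST, VPN_CLIENT, "icmp", None)),      # LAN pings the client
        fw.filter(Packet("OpenVPN", VPN_CLIENT, LAN_HOST, "icmp", None)),  # echo reply
        fw.filter(Packet("OpenVPN", VPN_CLIENT, BROKER, "tcp", 1883)),     # remote MQTT connect
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

To stop LAN hosts from reaching the remote side as well, the block has to go on the LAN tab, since that is where those packets enter the firewall.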