OpenVPN Firewall Rule Help
-
Below is an image of the Firewall rules for my OpenVPN clients. Now I understand OpenVPN bypasses all other tables, so security for clients should be done with rules in 'OpenVPN'. My question is this: How do I restrict clients to access only one singular LAN IP? I think I have the gist, but I'm very new to how pfSense Firewall rule ordering works and the documentation was a bit unclear. Preferably I'd like clients to only be able to Fileshare on the IP, except admins. Thank you for any help.
-
@CantConfigureaVPN said in OpenVPN Firewall Rule Help:
Now I understand OpenVPN bypasses all other tables
So your understanding is wrong. Traffic is always seen in the inbound direction, no matter if it's an Interface or an Interface Group like 'OpenVPN'.
Read https://docs.netgate.com/pfsense/en/latest/firewall/firewall-rule-basics.html
Also check out https://docs.netgate.com/pfsense/en/latest/book/openvpn/assigning-openvpn-interfaces.html
-Rico
-
Okay, I read both articles. I already have my OpenVPN assigned to OPT1 and that's how I'm actually able to connect to the VPN. So when any client comes in through that interface, I assign the traffic filtering rules to interface OPT1, since that's where all the traffic goes through before the LAN interface?
-
Maybe this will help your understanding:
https://community.openvpn.net/openvpn/wiki/HowPacketsFlow
and
https://community.openvpn.net/openvpn/wiki/AvoidRoutingConflicts
-
What type of OpenVPN are you running exactly with pfSense? S2S, RAS, Client?
Maybe you can share some bit of your configuration.
-Rico