Netgate Discussion Forum

    Configure pfBlockerNG to redirect traffic on the OpenVPN interface?

    • H
      hieroglyph @A Former User
      last edited by

      @antonio-briguglio No problem. Ok, I think I understand what you are asking now.

      How to block traffic with pfblocker when remotely connected to your pfsense box using openvpn?

      Go to Firewall > pfblockerNG > IP. Scroll down to "IP Interface/Rules Configurations". Select the LAN interface, select the openvpn interface, and save.
      Screenshot from 2021-02-15 21-08-48_IP.png

      Go to Firewall > pfblockerNG > DNSBL. Scroll down to "DNSBL Configuration". Select the "Permit Firewall Rules" checkbox. Then select the LAN interface, select the openvpn interface, and save.
      Screenshot from 2021-02-15 21-10-49_DNSBL.png

      Go to Firewall > pfblockerNG > Update
      Select reload.
      Select all.
      Select run.
      Wait for it to complete.

      Go to Services > DNS Resolver. Scroll down to "Network Interfaces". Select the LAN interface and the openvpn interface.
      Scroll down to "Custom Options" and verify this is in the text box: server:include: /var/unbound/pfb_dnsbl.*conf
      Select "save".

      Go to Firewall > Rules. Select "Floating". Make sure LAN and openvpn are shown as interfaces in the automatically created pfblocker rule.

          • H
            hieroglyph @A Former User
            last edited by

            @antonio-briguglio Is your openvpn server set up to force clients to use it as their DNS server?
            Screenshot_2021-02-16 VPN OpenVPN Servers Edit - AlphaTrion tld.png

            • ?
              A Former User @hieroglyph
              last edited by

              @hieroglyph yes

                    • H
                      hieroglyph @A Former User
                      last edited by

                      @antonio-briguglio

                      Go to Firewall > pfblockerNG > IP
                      If pfblocker is set up the way the rest of pfsense is, "Inbound Firewall Rules" would apply to the LAN and openvpn interfaces. Not the WAN interface. Unless you have a special condition requiring WAN to be included as an inbound interface. Usually pfblocker rules are not needed on LAN because the default action is to block all traffic trying to enter thru the WAN. In this case, inbound rules should apply to the traffic coming into pfsense from the LAN and openvpn interfaces. Treat the openvpn interface as just another LAN interface.

                      Outbound firewall rules most likely do not need to be selected. But I must admit it has been a while since I have used the pfblocker auto-rules. I cannot remember if I used outbound firewall rules at all.

                      In the DNS Resolver settings, the Network Interfaces should be LAN, openvpn, and localhost. The Outgoing Network Interface should be WAN.
                      Screenshot_2021-02-16 Services DNS Resolver General Settings - AlphaTrion tld.jpg

                      • ?
                        A Former User @hieroglyph
                        last edited by

                        @hieroglyph thank you :-)

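
One way to check the outcome of the steps in this thread, as an added example that is not part of any post here and is not pfSense or pfBlockerNG code: it verifies that the DNS server pushed to OpenVPN clients is an address the DNS Resolver listens on, and that the DNSBL include line quoted above is present. The sample config text, the addresses and the function names are constructed assumptions; the resolver config is assumed to list listen addresses as IPs.

```python
import ipaddress
import re

# Constructed sample configs (assumptions, not taken from the thread).
OPENVPN_CONF = """\
dev ovpns1
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 10.8.0.1"
"""
UNBOUND_CONF = """\
server:
interface: 192.168.1.1
interface: 10.8.0.1
interface: 127.0.0.1
outgoing-interface: 203.0.113.10
server:include: /var/unbound/pfb_dnsbl.*conf
"""

def pushed_dns(openvpn_conf):
    """DNS servers the OpenVPN server pushes to its clients."""
    pat = re.compile(r'^\s*push\s+"dhcp-option\s+DNS\s+([^\s"]+)"', re.M)
    return [ipaddress.ip_address(a) for a in pat.findall(openvpn_conf)]

def resolver_listeners(unbound_conf):
    """Addresses Unbound listens on; outgoing-interface lines are ignored."""
    pat = re.compile(r'^\s*interface:\s*([^\s@]+)', re.M)
    return {ipaddress.ip_address(a) for a in pat.findall(unbound_conf)}

def dnsbl_included(unbound_conf):
    """True if the pfBlockerNG DNSBL include quoted in the thread is present."""
    pat = r'^\s*(server:\s*)?include:\s*/var/unbound/pfb_dnsbl\.\*conf\s*$'
    return re.search(pat, unbound_conf, re.M) is not None

def audit(openvpn_conf, unbound_conf):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    dns = pushed_dns(openvpn_conf)
    listeners = resolver_listeners(unbound_conf)
    listens_on_all = any(a.is_unspecified for a in listeners)
    if not dns:
        findings.append("no DNS server is pushed to VPN clients")
    for ip in dns:
        if ip not in listeners and not listens_on_all:
            findings.append(f"pushed DNS {ip} is not a resolver listen address")
    if not dnsbl_included(unbound_conf):
        findings.append("pfb_dnsbl include missing from resolver options")
    return findings

if __name__ == "__main__":
    print(audit(OPENVPN_CONF, UNBOUND_CONF) or "ok")
```

A pushed DNS server that the resolver does not listen on means VPN clients resolve names somewhere DNSBL never sees, even when the floating rule covers the openvpn interface.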
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.