[SOLVED] OpenVPN : can't get internet to the clients (firewall rules issue)
First of all, thanks to anyone reading this post. I'm pretty sure my problem is about a firewall rule, but I may be wrong.
So, I have a OpenVPN server on my main pfSense. I whish that my connected clients get internet access, but not access to the whole local network for security reasons. So I configured NAT and OpenVPN firewall rules as the pictures included in this post. (I tried destination WAN NET and WAN ADDRESS with no luck).
What I've discovered is that if I put * as destination for the firewall rule, I now get internet access, but also full access to the local network which is not wanted.
Example of what I see from the firewall log:
Apr 8 12:51:46 ovpns1 Default deny rule IPv4 (1000000103) 192.168.99.2:57908 184.108.40.206:443 TCP:RA
OpenVPN subnet : 192.168.99.0/24
Redirect gateway is enabled for the VPN Server.
Destination WAN net is not the internet. Destination any is the internet.
If your WAN interface is 198.51.100.18/29, then WAN net = 198.51.100.16/29 - those are the only destinations that will be passed by that rule. I'm sure you can see how that is NOT the whole internet.
Oh. So then, if I make it destination "any", I have to make rules to block each individual VLANs right ?
Pass the specific local assets you want them to access
Block the less-specific local assets you do not want them to access (This can often be an RFC1918 alias or similar - Do not neglect This firewall as well)
Pass everything else (the internet)
Thank you very much for the solution!
I made an alias for localdomain so it makes things easier and cleaner in the rules. Thanks again!