Block VPN traffic from accessing WAN Subnet - Two Firewalls



  • Hello, I didn't know if this post should go under OpenVPN or firewall but I am going with firewall…

    I have a configuration where I have one router provided by the ISP, behind that I have my PFsense configured with OpenVPN. My PFsense is in a DMZ from the router so that I don't need to configure port forwarding on both.

    For my configuration, I do not want my immediate LAN and VPN traffic to be able to see the WAN subnet which is that of the my other LAN in-between my PFsense and the ISP router. I have made this configuration under the LAN interface successfully which blocks all 192.168.0.0/24 traffic from seeing the WAN subnet 192.168.1.0/24 subnet, however my VPN traffic can still see these addresses. How/where can I create a block rule which will prevent the VPN traffic from seeing the WAN subnet that will not impact the ability for my VPN clients to still reach the internet?

    For those who are wonder why I want to do this, I am trying to configure a Site to Site VPN where the subnet I bringing in is a 192.168.1.0/24 subnet and I don't want for there to be a IP conflict with the existing WAN subnet.



  • Maybe some vpn clients local networks may overlap with 192.168.1.0/24.

    Just copy the block rule, edit it, change the interface to openvpn and the source to any.