    Netgate Discussion Forum

    Block VPN from talking with LAN

    OpenVPN
    • Spudnet

      Hello all.

      Quick background on my setup:

      • I have my WAN going via DHCP
      • I have my LAN on 10.10.1.0
      • I have OPT1 on 192.168.1.0

      On the whole OPT1 setup I have this working for Private Internet Access VPN. This means that any device connected to OPT1 will be routed via the VPN, and this works perfectly. I have a wireless access point connected directly to OPT1, as this connection goes to the other end of my house.

      What I want to do is make sure that the VPN connection cannot communicate with my LAN connection.

      I have set up blocks for the OPT1 connection to block LAN net and address and I have done the same on OPT1 to block LAN net and address.

      My interface for Private Internet Access is called PIAVPN. I have added blocks on the firewall rules to block PIAVPN on net and address and done the same on the LAN.

      Everything works perfectly at the moment; I just want to make sure that I have put in the correct rules to block anything on OPT1 and PIAVPN from connecting to my LAN.

      I also wanted to make sure that it's safe to leave the router permanently connected to the VPN client for security etc.

      Thanks all.

      • Derelict (LAYER 8, Netgate)

        Unless you want inbound connections from PIA, then just remove or disable all rules on the OpenVPN tab and the PIAVPN assigned interface tab. Treat it like a WAN interface.

        If you do not want OPT1 to access LAN, then place a rule on OPT1 blocking traffic to destination LAN net.

        If you do not want LAN to access OPT1, then place a rule on LAN blocking traffic to destination OPT1 net.

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

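A small model of how the rules described in the reply are evaluated, added here as an illustration; it is not part of either post and is not pfSense code. It assumes /24 masks for both subnets and an allow-all rule below each block (both constructed), and goes slightly beyond the reply by also checking rule order, since pfSense filters traffic on the interface it enters, top-down, and stops at the first match.

```python
import ipaddress as ip

# Assumed /24 masks; the post gives only 10.10.1.0 and 192.168.1.0.
NETS = {"LAN net": ip.ip_network("10.10.1.0/24"),
        "OPT1 net": ip.ip_network("192.168.1.0/24")}

# Constructed rule tabs following the reply: (action, destination alias).
RULES = {
    "OPT1":   [("block", "LAN net"), ("pass", "any")],
    "LAN":    [("block", "OPT1 net"), ("pass", "any")],
    "PIAVPN": [],  # no rules at all: treated like a WAN interface
}

def matches(alias, dst):
    return alias == "any" or ip.ip_address(dst) in NETS[alias]

def evaluate(ingress_if, dst, rules=RULES):
    """Verdict for a NEW connection entering ingress_if (replies ride on state)."""
    for action, alias in rules[ingress_if]:
        if matches(alias, dst):
            return action          # first match wins
    return "block"                 # implicit default deny

def audit(rules=RULES):
    """Flag block rules that can never fire because a pass-any sits above them."""
    findings = []
    for iface, tab in rules.items():
        seen_pass_any = False
        for action, alias in tab:
            if action == "pass" and alias == "any":
                seen_pass_any = True
            elif action == "block" and seen_pass_any:
                findings.append(f"{iface}: block to {alias} shadowed by pass any")
    return findings

if __name__ == "__main__":
    # Constructed sample flows: (ingress interface, destination address).
    for flow in [("OPT1", "10.10.1.20"), ("OPT1", "203.0.113.10"),
                 ("LAN", "192.168.1.50"), ("PIAVPN", "10.10.1.20")]:
        print(flow, "->", evaluate(*flow))
    print("audit:", audit() or "no shadowed block rules")
```
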