Block VPN from talking with LAN


  • Hello all.

    Quick background on my setup

    • I have my WAN going via DHCP
    • I have my LAN on 10.10.1.0
    • I have OPT1 on 192.168.1.0

    On the whole OPT1 setup I have this working for Private Internet Access VPN. This means that any device connected to OPT1 will be routed via the VPN, and this works perfectly. I have a wireless access point connected directly to OPT1, as this connection goes to the other end of my house.

    What I want to do is make sure that the VPN connection cannot communicate with my LAN connection.

    I have set up blocks for the OPT1 connection to block LAN net and address and I have done the same on OPT1 to block LAN net and address.

    My interface for Private Internet Access is called PIAVPN. I have added blocks on the firewall rules to block PIAVPN on net and address and done the same on the LAN.

    Everything works perfectly at the moment. I just want to make sure that I have put in the correct rules to block anything on OPT1 and PIAVPN from connecting to my LAN.

    I also wanted to make sure that it's safe to leave the router permanently connected to the VPN client for security etc.

    Thanks all.

  • LAYER 8 Netgate

    Unless you want inbound connections from PIA, then just remove or disable all rules on the OpenVPN tab and the PIAVPN assigned interface tab. Treat it like a WAN interface.

    If you do not want OPT1 to access LAN, then place a rule on OPT1 blocking traffic to destination LAN net.

    If you do not want LAN to access OPT1, then place a rule on LAN blocking traffic to destination OPT1 net.
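
The rule layout from the reply above, modelled as an added example (not part of the thread and not pfSense code): rules are checked on the tab of the interface where traffic enters, top-down, first match wins, and anything unmatched is dropped. The /24 masks, the pass rules and the probe addresses are assumptions, and stateful return traffic is not modelled.

```python
import ipaddress

# Assumed /24 masks; the post gives only 10.10.1.0 and 192.168.1.0.
NETS = {"LAN net": ipaddress.ip_network("10.10.1.0/24"),
        "OPT1 net": ipaddress.ip_network("192.168.1.0/24")}

def matches(spec, addr):
    """True if spec is 'any' or addr falls inside the named network alias."""
    return spec == "any" or ipaddress.ip_address(addr) in NETS[spec]

def evaluate(rules, in_iface, src, dst):
    """Check the entering interface's rules top-down; first match wins.
    A packet that matches no rule is dropped (default deny)."""
    for action, rule_src, rule_dst in rules.get(in_iface, []):
        if matches(rule_src, src) and matches(rule_dst, dst):
            return action
    return "block"

# Layout from the reply: PIAVPN tab empty, block rules above the pass rules.
GOOD = {
    "PIAVPN": [],
    "OPT1": [("block", "any", "LAN net"), ("pass", "OPT1 net", "any")],
    "LAN": [("block", "any", "OPT1 net"), ("pass", "LAN net", "any")],
}
# Same OPT1 rules, but the pass rule sits above the block rule.
MISORDERED = dict(GOOD, OPT1=[("pass", "OPT1 net", "any"),
                              ("block", "any", "LAN net")])

# Constructed sample packets: (entering interface, source, destination).
PROBES = [
    ("OPT1", "192.168.1.50", "10.10.1.20"),    # wireless client -> LAN host
    ("OPT1", "192.168.1.50", "198.51.100.10"), # wireless client -> internet
    ("LAN", "10.10.1.20", "192.168.1.50"),     # LAN host -> wireless client
    ("PIAVPN", "203.0.113.7", "10.10.1.20"),   # unsolicited inbound via tunnel
]

def audit(rules):
    """Return the verdict for each probe, in PROBES order."""
    return [evaluate(rules, *probe) for probe in PROBES]

if __name__ == "__main__":
    for name, rules in (("good", GOOD), ("misordered", MISORDERED)):
        print(name, audit(rules))
```

In the misordered set the first probe is passed, which is why the block rule for LAN net has to sit above any pass rule on the OPT1 tab.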