OpenVPN Server and Client - secure config ?



  • Hello,

    I am embarrassed for my question but I really tried to figure it out by myself and couldn't. I've watched to pfSense Hangout on OpenVPN, read the manual, the Wiki and tried to find the question on the forum but it is still not clear.

    Config :

    • clientvpn to NordVPN : default LAN rule is redirected to VPN-gateway : this works.
    • OpenVPN server : defined on the WAN-gateway, clients can connect to the LAN and access info : this works.

    Question :
    It seems the rule named 'OpenVPN VPNserver Wizard' (see attachment) allows all traffic originating from NordVPN into the LAN. This is not exactly what I want. :)
    1. Am I right please ?
    2. If so, what is the best way to solve this please ?

    The goal is :

    1. to have LAN-access for clients connecting to the OpenVPN-server running on the WAN IP-address
    2. to have Internet-access for clients connecting to the OpenVPN-server through the NordVPN-gateway
    3. to have all traffic originating on the LAN go via the NordVPN-gateway
    4. to block all incoming traffic on the NordVPN - clients

    Any help would be greatly appreciated.  Thanks !



  • Same problem. Anyone ?


  • LAYER 8 Netgate

    Delete the rule. In fact have no rules on the OpenVPN tab at all.

    Assign interfaces to both OpenVPNs.

    Put the rules for incoming connections on each VPN client/server on the appropriate assigned interface tabs.



  • Didn’t know that was possible. It makes it a lot easier to manage.
    Are there some drawbacks to this approach ?


  • LAYER 8 Netgate

    You have to make sure the rules are properly-configured on both but not really.

    When you have one OpenVPN that is essentially a WAN and one that is private you really have no choice but to separate the rules.


Log in to reply