Netgate Discussion Forum

    GeoIP restricted access to OpenVPN

      Stephen175

      Hello,

      I am trying to limit the exposure of the OpenVPN server to countries selected in GeoIP, but it looks like I don't understand how to do it.

      What I did:

      1. Enable pfBlockerNG: it is definitely working.
      2. Select under Europe only France in IPv4 and List Action "Alias Match".
      3. Run Update - All
      4. Restricted the source to pfb_europe_v4

      I hoped this would result in the OpenVPN server only being accessible from France, but it seems this is not the case. I tried from Hong Kong, Brazil and the US and the VPN server is still accessible.

      What am I doing wrong, please?

      Thanks,

      Stephen
      ![2017-10-30 08_15_50-a-n-fw.fam.eenj.eu - Firewall_ Rules_ WAN.jpg](/public/imported_attachments/1/2017-10-30 08_15_50-a-n-fw.fam.eenj.eu - Firewall_ Rules_ WAN.jpg)

        bartkowski

        Is that rule you have on the WAN or LAN interface?
        Can you explain the scenarios in which you tested from Hong Kong, Brazil and the US?
        Is the source set to "Single Host or Alias"?

          Stephen175

          Thanks for your help.

          1. The rule is on the WAN interface.
          2. I used a company VPS in those countries. I verified with ipleak.net that the region was OK.
          3. Single host or alias

          Image.png

            bartkowski

            I have a very similar setup to yours and it works for me. Not really sure. I say double-check everything again.

            Have you tried rebooting the system after making those changes?
