GeoIP restricted access to OpenVPN



  • Hello,

    I try to limit the exposure of the OpenVPN-server to countries selected in GeoIP but it looks like I don't understand how to do it.

    What I did :

    1. Enable pfBlockerNG : it is definitely working.
    2. Select under Europe only France in IPV4 and List Action "Alias Match".
    3. Run Update - All
    4. Restricted the source to pfb_europe_v4

    I hoped this would result in the OpenVPN server only being accessible from France but it seems this is not the case.  I tried from Hong Kong, Brazil and the US and the VPNServer is still accessible.

    What am I doing wrong please ?

    Thanks,

    Stephen
    ![2017-10-30 08_15_50-a-n-fw.fam.eenj.eu - Firewall_ Rules_ WAN.jpg](/public/imported_attachments/1/2017-10-30 08_15_50-a-n-fw.fam.eenj.eu - Firewall_ Rules_ WAN.jpg)
    ![2017-10-30 08_15_50-a-n-fw.fam.eenj.eu - Firewall_ Rules_ WAN.jpg_thumb](/public/imported_attachments/1/2017-10-30 08_15_50-a-n-fw.fam.eenj.eu - Firewall_ Rules_ WAN.jpg_thumb)



  • Is that rule you have on the WAN or LAN interface? 
    Explain the scenarios in how you tested from Hong Kong, Brazil and the US?
    Is the source set to "Single Host or Alias"?



  • Thanks for your help.

    1. The rule is on the WAN-interface.
    2. I used a company VPS in those countries. I verified with ipleak.net that the region was OK.
    3. Single host or alias




  • I have very similar setup as you and it works for me. Not really sure. I say double-check everything again.

    Have you tried rebooting the system after making those changes?


Log in to reply