firewall rules for OpenVPN and FreePBX?



  • Here is the scenario/problem I have:

    Multiple Snom VoIP phones as OpenVPN clients (10.0.9.0/24) from branch offices are connected to our network (192.168.74.0/24) via an OpenVPN server (10.0.9.0/24) on pfSense; however, they cannot register to the FreePBX server (192.168.74.50) due to, I believe, some firewall issues.

    What should be the firewall rules on the LAN and OpenVPN Server interfaces to make sure that OpenVPN clients can access the LAN and register on the FreePBX server?

    Thanks,

    Savas



  • @savas
    Start with a basic Pass rule: source is your OpenVPN subnet, destination is your LAN subnet. Then test without any VoIP, just try to ping from a remote PC [running OpenVPN client].

    The rest is not related to the subject.
    Make sure your IP phones are not trying to discover their external IPs using STUN, etc. and your OpenVPN subnet is added as a local subnet on FreePBX/Asterisk.



  • Thanks Andrew, I did the following and it seems it is working now.

    LAN interface: pass rule from LAN net to OpenVPN net
    OpenVPN interface: pass rule from OpenVPN net to LAN net
    Outbound NAT: nothing for the OpenVPN interface and the OpenVPN net
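
Added example, not part of any post in this thread: a simplified Python model of per-interface, first-match rule evaluation with an implicit default deny, applied to the subnets and rules quoted above. The function names, the sample phone address and the "before" rule set are assumptions made for illustration.

```python
from ipaddress import ip_address

from ipaddress import ip_network

# Subnets and host taken from the thread.
OPENVPN_NET = ip_network("10.0.9.0/24")
LAN_NET = ip_network("192.168.74.0/24")
FREEPBX = "192.168.74.50"
PHONE = "10.0.9.6"           # constructed sample address for one phone
OUTSIDE = "203.0.113.10"     # constructed documentation-range address


def allowed(rules, ingress_if, src, dst):
    """Return True if a pass rule on the ingress interface matches.

    Rules are checked in order on the interface where the packet enters;
    no match means the implicit default deny applies. Replies to an allowed
    flow are covered by the state entry, so only the initiating packet is
    evaluated here.
    """
    src, dst = ip_address(src), ip_address(dst)
    for iface, src_net, dst_net in rules:
        if iface == ingress_if and src in src_net and dst in dst_net:
            return True
    return False


# Assumed starting state: nothing on the OpenVPN interface yet.
BEFORE = [("LAN", LAN_NET, OPENVPN_NET)]
# Rule set described in the last post.
AFTER = [
    ("LAN", LAN_NET, OPENVPN_NET),
    ("OpenVPN", OPENVPN_NET, LAN_NET),
]


def report(rules):
    """Evaluate the flows that matter for phone registration and calls."""
    return {
        "phone -> FreePBX": allowed(rules, "OpenVPN", PHONE, FREEPBX),
        "FreePBX -> phone": allowed(rules, "LAN", FREEPBX, PHONE),
        "phone -> outside": allowed(rules, "OpenVPN", PHONE, OUTSIDE),
    }


if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, report(rules))
```

In this model the phone-initiated registration is decided only by the rules on the OpenVPN interface, and a rule scoped to LAN net does not open a path from the tunnel to anything outside the LAN.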