Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Issues with accessing certain subnets when remotely connected through OpenVPN server

    Firewalling
    1
    2
    67
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      Agent666 last edited by Agent666

      Hi All

      I have my home network setup as follows:-

      LAN 192.168.1.0/24 - router then switch
      SVR 10.10.10.1/24 - A DMZ containing a single internet facing server. Plugged directly into my router ethernet
      DMZ 192.168.69.1/24 - A DMZ only containing 1 server thats only accessible locally from within the Local area network. Setup on a VLAN on switch.

      A OpenVPN server is setup on 192.168.2.0/24 subnet.

      There is also a VPN group which the bulk of my traffic goes out over (2x connections to ExpressVPN). Selected traffic goes out via my ISP, such as gaming consoles and some internet enabled TV's.

      When working locally I have rules to access any subnet from LAN, but reject any traffic from SVR and DMZ interfaces to any other interface (for DMZ behaviour). Everything works as required.

      I can connect to OpenVPN server and access any machines on LAN interface (i.e. using VNC or SSH) (without any rules on OpenVPN interface apart form allow all), but cannot seem to workout what rules I need to access servers on SVR and DMZ (SSH and via VNC).

      Firewall Rules setup as follows:-

      Floating
      db25fa84-7e84-4171-987a-7e2f1a0a2ad2-image.png

      WAN
      8a7f7f06-b932-4b38-9c9f-d99b801d452e-image.png

      LAN
      bead70a4-43e7-4e5a-b085-92ba7fe1578d-image.png

      DMZ
      7eec7af9-f0b3-437d-9810-3d10d2312fcc-image.png

      VPN1/2 are blanks with no rules.

      SVR
      1443e61f-017e-4a07-a0a0-7241606d0c76-image.png

      OpenVPN
      9b7d2e6a-087f-4dda-b540-41664d245a67-image.png

      NAT/Port forwards
      c58ee046-6401-4b7a-a863-9ded4954eb6c-image.png

      NAT/Outbound (not really sure if I needed all these, but hey it works).
      fe3218ba-fa7e-4913-82c1-d2b923100e49-image.png

      Let me know if anything else is required/helps

      1 Reply Last reply Reply Quote 0
      • A
        Agent666 last edited by

        For anyone else that follows, the issue/solution was actually nothing to do with firewall rules, instead you need to specify the local networks that are accessible in the OpenVPN server configuration!

        a18c1840-79cc-4c09-8f91-8fe653a756c1-image.png

        1 Reply Last reply Reply Quote 1
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy