OpenVPN, local access to servers, but blocking VPN users from accessing the internet through my gateway.



  • Hi Folks,

    I apologize for my possibly stupid and ignorant question. I can think through the flow, but I can't make it work.

    I'm setting up lab pods (networking) for my students, where they will all be able to access a local server where I host several websites where they can train networking labs.

    My situation gets complex because I need to block them from navigating to the internet, and every time I do that, I block my hosts from doing it as well.

    The tunnel users are on subnet 172.16.0.0/24 and my hosts are on 192.168.100.0/24.

    If someone could give me a tip, I would appreciate it a lot.



  • @rumshot said in OpenVPN, local access to servers, but blocking VPN users from accessing the internet through my gateway.:

    My situation gets complex because I need to block them from navigating to the internet, and every time I do that, I block my hosts from doing it as well.

    How do you do that?
    Since the VPN clients and your local hosts are on different interfaces on pfSense, that should be easy to distinguish.

    Add an alias (Firewall > Aliases) and add to it all the IPs the VPN clients should be able to access. Then edit the filter rule on the OpenVPN tab (assuming there's an allow any rule) and set the destination to the alias.

    Consider that the VPN clients may also need access to pfSense itself for DNS or similar services.
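
A small model of the rule set described in the reply above, added here as an illustration (it is not from the thread and is not pfSense code): it evaluates per-interface, first-match rules with an implicit default deny, which shows why restricting the OpenVPN tab leaves the LAN hosts untouched. Only the two subnets come from the thread; the alias contents, the firewall's tunnel address and the sample public address are constructed assumptions.

```python
import ipaddress

# Only the two subnets come from the thread; everything else is constructed.
VPN_NET = ipaddress.ip_network("172.16.0.0/24")
LAN_NET = ipaddress.ip_network("192.168.100.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
LAB_SERVERS = ["192.168.100.10", "192.168.100.11"]  # hypothetical alias contents
FIREWALL_VPN_IP = "172.16.0.1"  # hypothetical firewall address used for DNS

def nets(addrs):
    """Turn a list of address strings (an alias) into network objects."""
    return [ipaddress.ip_network(a) for a in addrs]

# Rules are grouped by the interface the traffic enters on and read top-down.
# Tuple layout: (action, source network, destination networks, port or None=any)
RULES = {
    "OpenVPN": [
        ("pass", VPN_NET, nets([FIREWALL_VPN_IP]), 53),  # DNS on the firewall
        ("pass", VPN_NET, nets(LAB_SERVERS), None),      # destination = alias
    ],
    "LAN": [
        ("pass", LAN_NET, [ANY], None),                  # LAN hosts keep internet
    ],
}

def evaluate(interface, src, dst, port):
    """First matching rule wins; traffic matching no rule is blocked."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_nets, rule_port in RULES.get(interface, []):
        if s in src_net and any(d in n for n in dst_nets) and rule_port in (None, port):
            return action
    return "block"

def audit():
    """Evaluate constructed sample flows and return their verdicts."""
    flows = {
        "vpn -> lab server": ("OpenVPN", "172.16.0.10", "192.168.100.10", 80),
        "vpn -> other LAN host": ("OpenVPN", "172.16.0.10", "192.168.100.50", 22),
        "vpn -> internet": ("OpenVPN", "172.16.0.10", "203.0.113.5", 443),
        "vpn -> firewall DNS": ("OpenVPN", "172.16.0.10", FIREWALL_VPN_IP, 53),
        "lan -> internet": ("LAN", "192.168.100.20", "203.0.113.5", 443),
    }
    return {name: evaluate(*flow) for name, flow in flows.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:24} {verdict}")
```

Removing the DNS rule from the `OpenVPN` list makes the "vpn -> firewall DNS" flow come back as blocked, which is the case the reply's last sentence is pointing at.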



  • @viragomann thank you so much, it worked very well. However, somehow, every time I change rules or NAT settings, I have to reboot pfSense... otherwise it doesn't work.

    Maybe I will have to reinstall it. I loved pfSense. No comparison with that horrible ASA.

    Regards,

