Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Rules being ignored when VPN client down ?

    Off-Topic & Non-Support Discussion
    3
    5
    110
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • randombits
      randombits last edited by randombits

      Iv'e been playing with FreeOPENVPN and discovered when it's down I can still get internet access via the WAN/WAN2 even though the LAN2 rule states only to go via the VPN gateway ? The only way I can force it not to go via the WAN/WAN2 is turn off WAN and WAN2 gateways to LAN2 leaving freeopenvpn.

      screencapture-192-168-1-109-firewall-nat-out-php-2019-05-30-18_28_52.png

      screencapture-192-168-1-109-firewall-rules-php-2019-05-30-18_28_43.png

      screencapture-192-168-1-109-system-gateways-php-2019-05-30-18_28_47 (1).png

      screencapture-192-168-1-109-system-gateways-php-2019-05-30-18_28_47.png

      T 1 Reply Last reply Reply Quote 0
      • T
        TheNarc @randombits last edited by

        @randombits The easiest way to accomplish this is via packet tagging:
        https://www.infotechwerx.com/blog/Prevent-Any-Traffic-VPN-Hosts-Egressing-WAN

        1 Reply Last reply Reply Quote 0
        • randombits
          randombits last edited by

          Thanks, I always assumed rules would block it but obviously not with VPN client servers. I only discovered it by accident when the VPN was down and still had access!.

          1 Reply Last reply Reply Quote 0
          • stephenw10
            stephenw10 Netgate Administrator last edited by

            If the VPN gateway rule is the only pass rule you can prevent it from passing traffic at all when the gateway is down by checking the option Skip rules when gateway is down in Sys > Adv > Misc.
            That will then leave you with no pass rules on that interface. That would only work in your case during the scheduled time you have that block rule applying.

            Steve

            1 Reply Last reply Reply Quote 0
            • randombits
              randombits last edited by

              Thanks Steve, I tried @TheNarc link and that seems to work (locked myself out the WAN at first 🙄 ) I'll also turn on skip rules as you mention.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post

              Products

              • Platform Overview
              • TNSR
              • pfSense
              • Appliances

              Services

              • Training
              • Professional Services

              Support

              • Subscription Plans
              • Contact Support
              • Product Lifecycle
              • Documentation

              News

              • Media Coverage
              • Press
              • Events

              Resources

              • Blog
              • FAQ
              • Find a Partner
              • Resource Library
              • Security Information

              Company

              • About Us
              • Careers
              • Partners
              • Contact Us
              • Legal
              Our Mission

              We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

              Subscribe to our Newsletter

              Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

              © 2021 Rubicon Communications, LLC | Privacy Policy