Netgate Discussion Forum

strict firewall rules on OpenVPN

Firewalling
6 Posts 4 Posters 535 Views
  • Lon Townsend
    last edited by Oct 30, 2019, 11:49 PM

    I am following documentation in regards to tightening down my VPN using a point-to-point configuration. I added rules on the OpenVPN tab from the server LAN to the client LAN on my client firewall, and did the reverse on my server firewall. When I disabled the allow-all OpenVPN rule that the documentation says to normally create, my traffic wouldn't cross the VPN. The tunnel was still active, but my rules locked me out of the other firewall. Was there anything else I needed to do? Maybe rebooting the firewall in order for the new rules to take effect?

  • johnpoz LAYER 8 Global Moderator
    last edited by Oct 31, 2019, 1:49 AM

    Huh? So you blocked access, and you're wondering why you can not pass the traffic?

    An intelligent man is sometimes forced to be drunk to spend time with his fools
    If you get confused: Listen to the Music Play
    Please don't Chat/PM me for help, unless mod related
    SG-4860 24.11 | Lab VMs 2.8, 24.11

  • Lon Townsend @johnpoz
    last edited by Oct 31, 2019, 8:19 PM

    @johnpoz I know what I did, but how do I limit the traffic going across the VPN? I want to tighten it down to only one network. I understand that the tunnel connects two networks together, but is there a way to limit the type of traffic across it? We only really use it to make IP phones believe they are internal, yet allowing clients to have their own network separate from another network.

  • Rico LAYER 8 Rebel Alliance
    last edited by Nov 1, 2019, 10:40 AM

    So what exactly is your actual problem/question? How to only allow connections from your phones in location A to the PBX in location B?
    The easy way in a nutshell:
    Add some alias containing all your phone IPs, use it in a Firewall Rule as Source with Destination your PBX.

    Later you can go crazy only allowing specific protocols/ports if you want...

    -Rico

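The rule set Rico describes, written out as pf.conf text so the first-match logic can be read in one place. This is an added illustration, not a post from the thread and not pfSense's generated config; the addresses, the alias name and the SIP/RTP ports are assumptions.

```pf
# Added example (not from the thread): pf equivalent of the rules Rico
# describes. pfSense generates rules like these from the GUI; the addresses,
# alias name and port numbers below are constructed, not from the forum post.

# Firewall > Aliases: every phone IP at location A (constructed addresses)
table <voip_phones> { 10.10.20.50 10.10.20.51 10.10.20.52 }
# The PBX at location B (constructed address)
pbx = "10.10.30.5"
# The OpenVPN tab applies to the "openvpn" interface group,
# which holds every ovpns*/ovpnc* instance.
vpn = "openvpn"

# --- Weak: the catch-all rule from the setup guide.
# pfSense rules are first-match ("quick"), so while this rule sits above
# the narrower ones they never match, which is the "ALLOW ALL is doing
# everything" symptom described in the thread.
# pass in quick on $vpn inet from any to any

# --- Strict: only phones -> PBX is permitted across the tunnel.
# Any protocol first (Rico's "easy way"); the state entry lets replies back.
pass in quick on $vpn inet from <voip_phones> to $pbx keep state

# Optional tightening (Rico's "specific protocols/ports"). The SIP signalling
# and RTP media ports here are assumed; check what your PBX actually uses.
# pass in quick on $vpn inet proto udp from <voip_phones> to $pbx port { 5060, 10000:20000 }

# Everything else arriving from the tunnel is dropped and logged. pfSense does
# this implicitly (default deny) when no OpenVPN-tab rule matches; it is spelled
# out here so the behaviour is visible.
block in log quick on $vpn inet all

# Parse without loading:  pfctl -nvf strict-openvpn.conf
```

pfSense filters inbound on the interface where traffic enters, so this set belongs on the PBX site's OpenVPN tab; the phones' site needs the matching pass rule on its LAN tab, and on its own OpenVPN tab only for connections the PBX initiates toward the phones.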
  • Lon Townsend @Rico
    last edited by Nov 1, 2019, 8:20 PM

    @Rico I think I have actually done that on the VPN server side by adding the WAN interface of the client to the rule on the server side. Basically saying only allow traffic from this WAN interface to access the server WAN across port 1200. It's the OpenVPN rule from client to server that isn't doing anything. The ALLOW ALL rule on the OpenVPN tab is doing everything.

  • glark Banned
    Nov 27, 2019, 12:35 PM (last edited by glark Nov 27, 2019, 8:44 PM)

    This post is deleted!
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.