Netgate Discussion Forum

    IPsec rules to only allow specific PCs

      p912s

      Hello all!

      Still new to pfSense and thought I had a handle on how the rules work, having successfully implemented rules to allow/block traffic between 3 VLANs. But I have been unable to block traffic over the IPsec tunnel to a remote office.

      Remote network: 192.168.224.0/24
      Local network: 192.168.1.0/24

      Currently any PC on the local network can access any PC/NAS on the remote network. I want to block all PCs on the local network except 192.168.1.31 from accessing the remote network. So I added this rule to the local network's interface.

      001.jpg

      But still any PC on the local network can access any PC/NAS on the remote. Similar rules allow/block PCs from accessing other VLANs.

      So I added rules to the IPsec interface.

      002.jpg

      From other threads I've read, they said the source for IPsec is the remote network and the destination is the local network. And I've entered the above rules flipping the source/destination, and that doesn't work either.

      What am I not understanding or doing wrong?

      Appreciate any help.

      Thanks

      Scot

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.