Issues with Firewall rules on openVPN Interface
-
Hi,
I am having trouble with my firewall rules on my openVPN interface.
I created an openVPN Server and added an interface for this server so that I could add different rules for each server. The rules should provide connections to all needed network services (DNS, NTP, some MS DC stuff,...).
However, when monitoring the client traffic, I cannot see any returning packets like DNS responses, just outbound traffic.
I created a "block all" rule at the bottom to log the traffic that would be blocked anyway; however, all connections seem to work. The state table also validates this, as there are states for my client. However, the logging on my "pass" rules does not log anything.
When using a default allow any traffic rule, everything is working like it should.
What am I missing in the Rule Settings?
I also tried using the "interface net" setting as the source address.
To explain my screenshot:
dnsServers is an alias pointing to 2 aliases (samba0_DMZ & nas0_DMZ) as well as to FQDNs
dnsServices is an alias representing the ports 53 and 853
ntpServers is pointing to my local NTP server via its FQDN
samba0_DMZ is pointing to the IPv4 address of the server with the possibility to add the IPv6
nas0_DMZ does the same thing except for nas0
-
Firewall Rule processing is:
- Floating Tab
- Group Tabs (OpenVPN for example)
- Interface Tabs
So if you have any-any on your OpenVPN group tab, traffic will never hit the OpenVPN Interface.
Which Interface is your screenshot showing?
-Rico
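As an added illustration of Rico's point (example code, not from either post), here is a toy model of pf rule evaluation: the three tabs are walked in the order he gives, and, assuming pf's usual semantics in pfSense (interface and group tab rules are "quick", floating rules are not unless flagged), an any-any pass on the OpenVPN group tab decides every packet before the interface tab's logging pass rules can match. That is why those pass rules log nothing while the "block all" also stays silent. The rule names and rule set are constructed to mirror the poster's description.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

TAB_ORDER = ("floating", "group", "interface")  # evaluation order from the reply above

@dataclass
class Rule:
    tab: str                        # "floating", "group" or "interface"
    action: str                     # "pass" or "block"
    proto: str = "any"              # "any", "udp" or "tcp"
    dst_port: Optional[int] = None  # None matches any destination port
    quick: bool = True              # assumed pf semantics: tab rules quick, floating not
    log: bool = False
    name: str = ""

def matches(rule: Rule, proto: str, dst_port: int) -> bool:
    return rule.proto in ("any", proto) and rule.dst_port in (None, dst_port)

def evaluate(rules: List[Rule], proto: str, dst_port: int) -> Tuple[str, Optional[str], List[str]]:
    """Return (action, deciding rule name, names of rules that logged). A matching quick
    rule decides at once; else the last non-quick match wins; else implicit block, no log."""
    ordered = [r for tab in TAB_ORDER for r in rules if r.tab == tab]
    last: Optional[Rule] = None
    for r in ordered:
        if not matches(r, proto, dst_port):
            continue
        if r.quick:
            return r.action, r.name, [r.name] if r.log else []
        last = r
    if last is not None:
        return last.action, last.name, [last.name] if last.log else []
    return "block", None, []

# Constructed rule set mirroring the poster's OpenVPN interface tab:
# a logging DNS pass rule plus a logging "block all" at the bottom.
INTERFACE_RULES = [
    Rule("interface", "pass", "udp", 53, log=True, name="ovpn_pass_dns"),
    Rule("interface", "block", log=True, name="ovpn_block_all"),
]
GROUP_ANY_ANY = Rule("group", "pass", name="openvpn_group_any_any")

def with_group_any_any(proto: str, dst_port: int):
    # Group tab any-any decides every packet, so interface rules never match or log.
    return evaluate([GROUP_ANY_ANY] + INTERFACE_RULES, proto, dst_port)

def without_group_any_any(proto: str, dst_port: int):
    # Group tab empty: interface tab rules decide and their logging fires.
    return evaluate(INTERFACE_RULES, proto, dst_port)
```

Running both scenarios for a DNS query and for an unrelated TCP port shows the group any-any as the deciding rule in every case, with an empty log list, whereas without it the interface tab's own pass and block rules decide and log.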