
    OpenVPN Firewall Rule Help

    • C
      CantConfigureaVPN last edited by

      Below is an image of the Firewall rules for my OpenVPN clients. Now I understand OpenVPN bypasses all other tables, so security for clients should be done with rules in 'OpenVPN'. My question is this: How do I restrict clients to access only one singular LAN IP? I think I have the gist, but I'm very new to how pfSense Firewall rule ordering works and the documentation was a bit unclear. Preferably I'd like clients to only be able to Fileshare on the IP, except admins. Thank you for any help.

      b650c46f-23d9-493b-92fc-22980ac47f15-image.png

      • Rico
        Rico LAYER 8 Rebel Alliance @CantConfigureaVPN last edited by

        @CantConfigureaVPN said in OpenVPN Firewall Rule Help:

        Now I understand OpenVPN bypasses all other tables

        So your understanding is wrong. Traffic is always seen in the inbound direction, no matter if it's Interface or Interface Group like 'OpenVPN'.
        Read https://docs.netgate.com/pfsense/en/latest/firewall/firewall-rule-basics.html
        Also check out https://docs.netgate.com/pfsense/en/latest/book/openvpn/assigning-openvpn-interfaces.html

        -Rico

        • C
          CantConfigureaVPN last edited by

          Okay, I read both articles. I already have my OpenVPN assigned to OPT1 and that's how I'm actually able to connect to the VPN. So when any client comes in through that interface, I assign the traffic filtering rules to interface OPT1, since that's where all the traffic goes through before the LAN interface?

          • Pippin
            Pippin last edited by

            Maybe this will help your understanding:
            https://community.openvpn.net/openvpn/wiki/HowPacketsFlow
            and
            https://community.openvpn.net/openvpn/wiki/AvoidRoutingConflicts

            • Rico
              Rico LAYER 8 Rebel Alliance last edited by

              What type of OpenVPN are you running exactly with pfSense? S2S, RAS, Client?
              Maybe you can share a bit of your configuration.

              -Rico

