OpenVPN Firewall Rule Help
Below is an image of the firewall rules for my OpenVPN clients. Now I understand OpenVPN bypasses all other tables, so security for clients should be done with rules in 'OpenVPN'. My question is this: How do I restrict clients to access only one singular LAN IP? I think I have the gist, but I'm very new to how pfSense firewall rule ordering works and the documentation was a bit unclear. Preferably I'd like clients to only be able to Fileshare on the IP except admins. Thank you for any help.
> Now I understand OpenVPN bypasses all other tables
So your understanding is wrong. Traffic is always seen in the inbound direction, no matter if it's an interface or an interface group like 'OpenVPN'.
Also check out https://docs.netgate.com/pfsense/en/latest/book/openvpn/assigning-openvpn-interfaces.html
Okay, I read both articles. I already have my OpenVPN assigned to OPT1 and that's how I'm actually able to connect to the VPN. So when any client comes in through that interface, I assign the traffic filtering rules to interface OPT1, since that's where all the traffic goes through before the LAN interface?
Maybe this will help your understanding:
What type of OpenVPN are you running exactly with pfSense? S2S, RAS, Client?
Maybe you can share a bit of your configuration.