IPSec works with no inbound rule in firewall
-
Hello,
I have installed an IPSec VPN mobile client server on my pfSense.
Access is from the WAN interface.
I don't understand how the VPN connections work while everything is blocked in my firewall in WAN.
I did not create a rule to allow connections and yet IPSec can be reached from the outside. Does IPSec bypass the firewall?
Thanks
-
'pfctl -sr' will show you all of the rules. Not everything is exposed in the GUI.
You can look here for more from Netgate in the documentation:
https://docs.netgate.com/pfsense/en/latest/firewall/pf-ruleset.html
-
@fabiensch pfSense automatically adds rules to allow IPsec when you create it. The rules do not show up on the WAN interface firewall. This can be disabled so that you have to manually create the firewall rules for ESP, port 500, and port 4500. See more at:
https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#disable-auto-added-vpn-rules
-
@gabacho4 Sorry, use this link instead:
https://docs.netgate.com/pfsense/en/latest/firewall/rule-methodology.html#firewall-ipsec
-
Everything is explained. Thank you for your answers!
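
An added example (not from the thread or from Netgate's documentation): a shell filter for the `pfctl -sr` output mentioned in the replies above that lists the pass rules admitting IKE (UDP 500), NAT-T (UDP 4500) and ESP. The sample ruleset, interface names and labels are constructed, and the service names `isakmp` and `sae-urn` for ports 500 and 4500 are an assumption about how pfctl prints them.

```shell
#!/bin/sh
# Filter `pfctl -sr` output down to the pass rules that admit inbound IPsec
# traffic. On the firewall itself:  pfctl -sr | ipsec_pass_rules

ipsec_pass_rules() {
    awk '
    # Keep "pass in" rules and pass rules without a direction (those match
    # both directions); skip "pass out".
    $1 == "pass" && $2 != "out" {
        line = " " $0 " "
        udp  = (line ~ / proto udp /)
        # Assumption: pfctl may print service names instead of port numbers
        # (500 -> isakmp, 4500 -> sae-urn), so match both spellings.
        if (line ~ / proto esp /)                          print "ESP   : " $0
        if (udp && line ~ / port = (500|isakmp) /)         print "IKE   : " $0
        if (udp && line ~ / port = (4500|sae-urn) /)       print "NAT-T : " $0
    }'
}

# Constructed sample ruleset (not taken from a real firewall).
sample_rules() {
cat <<'EOF'
block drop in log inet all label "Default deny rule IPv4"
pass in on em0 inet proto udp from any to (self) port = isakmp keep state label "IPsec: mobile - inbound isakmp"
pass in on em0 inet proto udp from any to (self) port = 4500 keep state label "IPsec: mobile - inbound nat-t"
pass in on em0 inet proto esp from any to (self) keep state label "IPsec: mobile - inbound esp"
pass out on em0 inet proto udp from (self) to any port = 500 keep state label "IPsec: outbound isakmp"
pass in on em1 inet proto tcp from 192.168.1.0/24 to any port = 443 flags S/SA keep state label "LAN https"
EOF
}

# Number of IPsec-admitting rules found in the constructed sample.
count_ipsec_rules() {
    sample_rules | ipsec_pass_rules | wc -l | tr -d ' '
}

sample_rules | ipsec_pass_rules
```

If the auto-added VPN rules are disabled as described above, the same filter shows whether the manually created ESP, port 500 and port 4500 rules made it into the loaded ruleset.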