Help with filtering from communications from outside the network.

koren · Jun 10, 2021, 9:59 AM

Hello, I'm coming from Fortinet products and I can't realize what happens here.
I have Pfesense installed on VPS.
I want to connect to him via vpn (L2TP or OpenVpn).
I've disabled the LAN because its not needed in my situation.
I want to block any access to the server (ICMP, AdminGui and any other protocols) except VPN connection's .
And I want to allow to VPN connections full access.
The target is to block all communication from outside the network and pass all communication from inside the network (VPN users,client,adapter hhhh)

viragomann · Jun 10, 2021, 5:50 PM

@koren
By default pfSense blocks anything that is not explicitely allowed by a pass rule.

Only access to the web configurator is enabled on the LAN or the only one remaining interface for ensuring you're not locking out yourself. You can disable this by adding a check at System> Advanced> Admin Access> Anti-lockout.

To enable access to the OpenVPN server you have to add an appropriate rule on the incoming interface.

On a VPN interface pfSense allow any-to-any by default anyway.

koren · Jun 10, 2021, 7:16 PM

@viragomann
I will explain, I want do block all the types of communication from outside. But enable full access after connecting to the server with vpn.
I’ve tried many configurations and nothing works.
Can you tell me how I can do this?

viragomann · Jun 10, 2021, 7:40 PM

@koren
There is no need to block anything on LAN or VPN interface, since pfSense blocks any by default.

So what have you done so far? Do you already have a vpn up and connected?
You need to provide details regarding your problem.

koren · Jun 10, 2021, 7:58 PM

@viragomann
Ok , listen.
I want to block all the communication from outside my network (PFSENSE)
and enable all from VPN Client.
this pfsense is for Firewall on a cloud.
Im connecting to this firewall with vpn and transfering all my network through this firewall and this firewall saves me from ddos and any thing else.
The vpn conenction is up and connected but i still can't ping the server him self and cant connect to the gui. now you understand?
I want to allow all the communication if its goes from the vpn to the server.

viragomann · Jun 10, 2021, 8:09 PM

@koren said in Help with filtering from communications from outside the network.:

The vpn conenction is up and connected but i still can't ping the server him self and cant connect to the gui.

Which type of vpn?
Are the routes set correctly on the client when the vpn is connected?

koren · Jun 12, 2021, 3:00 PM

@viragomann
routes? bro im connecting from my router gui, I have an option for this.
I can do everything except ping the server and connect to the gui while connecting to the vpn .