Netgate Discussion Forum

    VPN Secure Relay Question

    • Hoserman

      In the pfSense documentation under "Common deployments" it talks about "Secure Relay".
      I've searched all over the internet and cannot find that term used anywhere. I want to only allow VPN traffic in and out to the internet. Can someone point me in the right direction please? 😊

      Best Regards

      • viragomann @Hoserman

        @hoserman
        This is a straightforward setup. You only need a rule on the OpenVPN interface which allows only upstream traffic and, to be secure, an additional one that blocks access to local subnets.

        Do you run multiple OpenVPN instances or only one? If the latter, you can run the wizard and state to direct the whole upstream traffic over the VPN and provide a public DNS server.
        Then you should just have to add a block rule to the top of the OpenVPN rule set for your local networks.
        Best practice is to block all private network ranges by adding an RFC 1918 alias and using it in the block rule as destination.

        If you provide pfSense for DNS resolution, you have to allow the access by an additional rule.

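The rule set described in the reply above can be checked offline before it goes onto the OpenVPN tab. This is an added example, not part of the original posts and not pfSense code: a small first-match evaluator run over constructed sample connections. It assumes top-down, first-match evaluation with an implicit default deny, and a firewall tunnel address of 10.0.8.1 (constructed); because that address is itself inside RFC 1918, the DNS pass rule is placed above the block rule here.

```python
import ipaddress

def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

# Alias with the three RFC 1918 private ranges, used as the block destination.
RFC1918 = nets("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
ANY = nets("0.0.0.0/0")
FW_VPN_IP = nets("10.0.8.1/32")  # assumed firewall address inside the tunnel

# (action, protocols or None for any, destination nets, dest port or None, note)
RULES = [
    ("pass", {"tcp", "udp"}, FW_VPN_IP, 53, "DNS to the firewall"),
    ("block", None, RFC1918, None, "local and private networks"),
    ("pass", None, ANY, None, "upstream traffic"),
]
# Same rules with the block rule first: the DNS pass rule is never reached.
MISORDERED = [RULES[1], RULES[0], RULES[2]]

def evaluate(rules, proto, dst, port=None):
    """First matching rule wins; no match means the implicit default deny."""
    addr = ipaddress.ip_address(dst)
    for action, protos, dst_nets, rule_port, _note in rules:
        if protos is not None and proto not in protos:
            continue
        if rule_port is not None and port != rule_port:
            continue
        if any(addr in n for n in dst_nets):
            return action
    return "block"

# Constructed sample connections from a VPN client.
SAMPLES = {
    "internet https": ("tcp", "203.0.113.10", 443),
    "lan file share": ("tcp", "192.168.1.20", 445),
    "dns to firewall": ("udp", "10.0.8.1", 53),
    "firewall web gui": ("tcp", "10.0.8.1", 443),
    "private 172.20 host": ("icmp", "172.20.5.5"),
    "public 172.32 host": ("tcp", "172.32.0.1", 80),
}

def audit(rules):
    return {name: evaluate(rules, *conn) for name, conn in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in audit(RULES).items():
        print(f"{verdict:5}  {name}")
```

The 172.32.0.1 sample sits just outside 172.16.0.0/12, so it is treated as upstream traffic rather than as a private destination.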
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.