VPN Secure Relay Question
-
In the pfSense documentation, under "Common deployments", it talks about "Secure Relay".
I've searched all over the internet and cannot find that term used anywhere. I want to only allow VPN traffic in and out to the internet. Can someone point me in the right direction please? Best Regards
-
@hoserman
This is a straightforward setup. You only need a rule on the OpenVPN interface which allows only upstream traffic and, to be secure, an additional one that blocks access to local subnets. Do you run multiple OpenVPN instances or only one? If the latter, you can run the wizard and state to direct the whole upstream traffic over the VPN and provide a public DNS server.
Then you should just have to add a block rule to the top of the OpenVPN rule set for your local networks.
Best practice is to block all private network ranges by adding an RFC 1918 alias and using it in the block rule as destination. If you provide pfSense for DNS resolution, you have to allow the access by an additional rule.
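The rule set described in the reply above can be checked offline before it is clicked together in the GUI. This is an added example, not part of the thread and not pfSense code: it models top-down, first-match evaluation of the OpenVPN interface rules and shows that, when pfSense answers DNS on a private address, the DNS pass rule has to sit above the RFC 1918 block. The addresses (`10.8.0.1` for pfSense DNS, the sample destinations) and all function names are assumptions made for illustration.

```python
import ipaddress

# Contents of the RFC 1918 alias recommended in the reply.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed value (assumption): pfSense serves DNS to VPN clients here.
PFSENSE_DNS = ipaddress.ip_address("10.8.0.1")


def build_rules(dns_allow_first=True):
    """Return the OpenVPN-interface rules as (action, matcher, label) tuples."""
    allow_dns = ("pass",
                 lambda dst, proto, port: dst == PFSENSE_DNS
                 and proto in ("udp", "tcp") and port == 53,
                 "allow DNS to pfSense")
    block_private = ("block",
                     lambda dst, proto, port: any(dst in n for n in RFC1918),
                     "block RFC 1918 destinations")
    allow_upstream = ("pass", lambda dst, proto, port: True,
                      "allow upstream traffic")
    head = ([allow_dns, block_private] if dns_allow_first
            else [block_private, allow_dns])
    return head + [allow_upstream]


def evaluate(rules, dst, proto, port):
    """First matching rule decides; nothing matching means default deny."""
    addr = ipaddress.ip_address(dst)
    for action, matches, label in rules:
        if matches(addr, proto, port):
            return action, label
    return "block", "default deny"


# Constructed sample flows from a VPN client.
SAMPLES = [("10.8.0.1", "udp", 53),      # DNS query to pfSense
           ("192.168.1.10", "tcp", 445),  # host on a local subnet
           ("203.0.113.10", "tcp", 443)]  # host on the internet


def audit(dns_allow_first=True):
    """Map each sample flow to the action the rule set takes on it."""
    rules = build_rules(dns_allow_first)
    return {flow: evaluate(rules, *flow)[0] for flow in SAMPLES}


if __name__ == "__main__":
    for order in (True, False):
        print("DNS rule above block:" if order else "DNS rule below block:")
        for flow, action in audit(order).items():
            print("  ", flow, "->", action)
```

With the DNS rule below the block, the client can still reach the internet but loses name resolution, which is the usual symptom of getting this order wrong.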