1. Home
  2. pfSense® Software
  3. OpenVPN
  4. Problem with site-to-site VPN and filtering OpenVPN Traffic to the LAN [SOLVED]

Problem with site-to-site VPN and filtering OpenVPN Traffic to the LAN [SOLVED]

  • G

    Hi,

    my setup involves 3 Site to Site VPNs using PKI. These are fully functional.
    I am running 1.2.3RC3 where you can assign the tunX interface to an interface say optX.
    So it is possible to use firewall rules to direct Traffic.
    I followed the Tutorial at http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN#Filtering_OpenVPN_Traffic and http://doc.pfsense.org/index.php/OpenVPN_Traffic_Filtering_on_1.2.3.
    The Problem is, I am not able to block Traffic to the LAN Network (on the main site) or any other Network, that is routed through the OpenVPN.
    The remote sites should be able to talk to the WSUS and file server in the DMZ2 network on the main site, which is functioning properly.
    The LAN network on the main site should be able to "talk" to each remote site LAN, but should be protected from connection attemps from there. So it should be like the standard pfsense LAN to WAN setting, but with LAN to VPN.
    Is there any way to get the firewall rules working?
    In Advanced Config  "Disable all auto-added VPN rules" is on.
    The tunnel interface tun1 is OPT6 and has a firewall rule set to allow only traffic from these 3 site LANs to the DMZ2 subnet.
    But according to the packet capture from OPT6 interface, every traffic is going right through. Even pinging the main site LAN is possible.
    The VPN server runs on the main site, site1-3 are clients. The main site LANnet is pushed to the clients, but any attempt to access another network other than the DMZ2net on the main site should be denied. Only when a client on the LANnet iniutiated the traffic,it should be allowed.
    The Topology:
                                             "some other Nets"
                                                        |
                                                     OPTX
                                                        |
                    wsus–DMZ2net--OPT4--main--LAN--LANnet--Hosts
                                                        |
                                                     WAN
                                                        |
           Hosts--LAN--site2--WAN----Internet–--WAN--site3--LAN--Hosts
                                                        |    
                                                     WAN
                                                        |
                                                      site1
                                                        |
                                                      LAN
                                                        |
                                                     Hosts

    Edit:
    Problem was solved by upgrading to 1.2.3RELEASE
    I am very happy with the new release by now :)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy