Netgate Discussion Forum

    Allow Access to Single IP from VPN

      ieatfish

      How do I set up OpenVPN on pfSense 2.0 RC3 to allow the VPN network to have access to a single IP on our internal network? For example, our OpenVPN clients are all on 192.168.3.0/24 and we don't care if they talk to each other. They need to be blocked from our internal network as a whole but have access to a single IP, 192.168.1.8. How do I set that?

        Nachtfalke

        Go to Firewall -> Rules
        There is an OpenVPN tab and there you only add one rule:

        Action: pass
        Protocol: any
        Source: 192.168.3.0/24
        port: any
        destination: 192.168.1.8/24
        port: any

        That's all.

          ieatfish

          @Nachtfalke:

          Go to Firewall -> Rules
          There is an OpenVPN tab and there you only add one rule:

          Action: pass
          Protocol: any
          Source: 192.168.3.0/24
          port: any
          destination: 192.168.1.8/24
          port: any

          That's all.

          Do I leave the network it is allowed to access in the OpenVPN server configuration blank? I made this rule but I was able to access anything on the network.

            Nachtfalke

            @ieatfish:

            @Nachtfalke:

            Go to Firewall -> Rules
            There is an OpenVPN tab and there you only add one rule:

            Action: pass
            Protocol: any
            Source: 192.168.3.0/24
            port: any
            destination: 192.168.1.8/24
            port: any

            That's all.

            Do I leave the network it is allowed to access in the OpenVPN server configuration blank? I made this rule but I was able to access anything on the network.

            Oh, I am stupid.
            The destination IP should be 192.168.1.8/32 of course, NOT subnet mask /24.
            This rule must be on top of all other OpenVPN firewall rules. Perhaps you can post a screenshot of your OpenVPN firewall rules.

            In the OpenVPN server you have to enter the destination network 192.168.1.0/24.
            This lets the client know that it should use the OpenVPN tunnel to reach the network 192.168.1.0/24. It creates a routing entry on the client side. This is necessary.
            Restrictions will be made with the firewall rules.

              ieatfish

              We have quite a few rules but they all apply to port forwards and such. The ones that we use for the VPNs are these, in this order in the list:

              Type: Allow
              Protocol: Any
              Source: 192.168.3.0/24
              Destination: 192.168.1.8

              Type: Block
              Protocol: Any
              Source: 192.168.3.0/24
              Destination: 192.168.1.0/24

              Type: Allow
              Protocol: TCP
              Source: Any:1195 (Port for VPN service)
              Destination: WAN Address

              I am still able to access 192.168.1.9 for example.

              edit: Oops, just realized I haven't been putting these rules in the OpenVPN tab. Durrrrrrr… I'll do some more testing.

                Nachtfalke

                The order of the rules should be correct - if in the OpenVPN tab.
                Please post back after testing.

                  ieatfish

                  It is working fine now. I had put the rules in the Firewall tab and completely forgotten about the OpenVPN one. Thanks for the help!
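
The two rule mistakes this thread worked through (the /24 mask on the destination, and rule order), as an added example that is not from either poster and is not pfSense code. It is a simplified first-match model of one rule tab; the client address 192.168.3.10 and all function names are assumptions made for illustration.

```python
import ipaddress

def make_rule(action, source, destination):
    # strict=False ignores host bits the way the firewall applies the mask,
    # so "192.168.1.8/24" becomes the whole network 192.168.1.0/24.
    return (action,
            ipaddress.ip_network(source, strict=False),
            ipaddress.ip_network(destination, strict=False))

def evaluate(rules, src, dst):
    """Top-down, first match wins; traffic matching no rule is blocked."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src_ip in src_net and dst_ip in dst_net:
            return action
    return "block"

VPN_CLIENT = "192.168.3.10"  # constructed sample address in the VPN subnet

# The rule as first posted: destination written with a /24 mask.
first_attempt = [make_rule("pass", "192.168.3.0/24", "192.168.1.8/24")]

# The corrected rules: single-host pass on top, then block the LAN.
corrected = [
    make_rule("pass", "192.168.3.0/24", "192.168.1.8/32"),
    make_rule("block", "192.168.3.0/24", "192.168.1.0/24"),
]

# Same two rules with the block on top, to show why order matters.
block_first = list(reversed(corrected))

def report():
    """Return (ruleset, destination, verdict) for each case discussed."""
    rows = []
    for name, rules in (("first_attempt", first_attempt),
                        ("corrected", corrected),
                        ("block_first", block_first)):
        for dst in ("192.168.1.8", "192.168.1.9"):
            rows.append((name, dst, evaluate(rules, VPN_CLIENT, dst)))
    return rows

if __name__ == "__main__":
    for name, dst, verdict in report():
        print(f"{name:14} {VPN_CLIENT} -> {dst:12} {verdict}")
```

A quick check after changing the real rules is the same pair of probes from a connected VPN client: 192.168.1.8 should answer and a neighbouring address such as 192.168.1.9 should not.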
