4. Allow Access to Single IP from VPN

Allow Access to Single IP from VPN

  • I

    How do I set up OpenVPN on pfSense 2.0 RC3 to allow the VPN network to have access to a single IP on our internal network. For example, our OpenVPN clients are all on 192.168.3.0/24 and we don't care if they talk to each other. They need to be blocked from our internal network as a whole but have access to a single IP, 192.168.1.8. How do I set that?

    0
  • N

    Go to Firewall -> Rules
    There is an OpenVPN tab and there you only add one rule:

    Action: pass
    Protocol: any
    Source: 192.168.3.0/24
    port: any
    destination: 192.168.1.8/24
    port: any

    thats all.

    0
  • I

    @Nachtfalke:

    Go to Firewall -> Rules
    There is an OpenVPN tab and there you only add one rule:

    Action: pass
    Protocol: any
    Source: 192.168.3.0/24
    port: any
    destination: 192.168.1.8/24
    port: any

    thats all.

    Do I leave the network it is allowed to access in the OpenVPN server configuration blank? I made this rule but I was able to access anything on the network.

    0
  • N

    @ieatfish:

    @Nachtfalke:

    Go to Firewall -> Rules
    There is an OpenVPN tab and there you only add one rule:

    Action: pass
    Protocol: any
    Source: 192.168.3.0/24
    port: any
    destination: 192.168.1.8/24
    port: any

    thats all.

    Do I leave the network it is allowed to access in the OpenVPN server configuration blank? I made this rule but I was able to access anything on the network.

    Oh, I am stupid.
    the destination IP should be 192.168.1.8/32 of course NOT subnet mask /24
    This rule must be on top of all other OpenVPN Firewall rules. Perhaps you can post a screenshot of your OpenVPN firewall rules.

    In the OpenmVPN server you have to enter the destination network 192.168.1.0/24.
    This let the client know that it should use the OpenVPN tunnel to reach the network 192.168.1.0/24. It creates a routing entry on the client site. this in neccessary.
    restrictions will be made with the firewall rules.

    0
  • I

    We have quite a few rules but they all apply to port forwards and such. The ones that we use for the VPNs are these, in this order in the list:

    Type: Allow
    Protocol: Any
    Source: 192.168.3.0/24
    Destination: 192.168.1.8

    Type: Block
    Protocol: Any
    Source: 192.168.3.0/24
    Destination: 192.168.1.0/24

    Type: Allow
    Protocol: TCP
    Source: Any:1195 (Port for VPN service)
    Destination: WAN Address

    I am still able to access 192.168.1.9 for example.

    edit: Oops, just realized I haven't been putting these rules in the OpenVPN tab. Durrrrrrr… I'll do some more testing.

    0
  • N

    The order of the rules should be correct - if in the OpenVPN tab.
    Please post back after testing.

    0
  • I

    It is working fine now. I had put the rules in the Firewall tab and completely forgotten about the OpenVPN one. Thanks for the help!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy