Rules/settings to get OpenVPN users access to the LAN and other interfaces.



  • Trying to understand how the rules/rules tabs are related to each other and I hope someone will be able to tell me or refer to the correct documentation where I can read this.
    Here is an example:

    In the OpenVPN Rules tab, there is a rule that allows port 22 access to LAN addresses.

    No access to LAN addresses is allowed.

    Added an allow all rule to the LAN Rules tab. Still no access.

    The only thing that is pingable on the LAN is the pfSense IP.

    What is missing?



  • The rules on an interface tab apply to traffic coming IN on that interface. The first packet when a "connection/flow/session" is first started is checked by the rules, then if it is permitted, a firewall flow/state is added, and subsequent packets in both directions that match the flow/state are allowed.
    Thus, to get out from LAN (to the internet…) a suitable pass rule is needed on LAN. For a connection coming from a client on the other end of an OpenVPN link, a rule is needed on OpenVPN to allow the incoming connection. Once the flow is established, the traffic in both directions for that flow "flows" :)
    That might be enough to give you the concept and you will be able to apply it in practice.
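
The evaluation order described in the answer above, as an added example that is not part of the original thread and is not pfSense code: a toy model in which only the arrival interface's rules are checked for the first packet of a flow, and a state entry then passes later packets in both directions. The interface names, addresses and rules are constructed for illustration, and first-match ordering is assumed.

```python
# Toy model (added illustration, not pfSense code) of per-interface inbound
# rule evaluation with a state table. All names and addresses are constructed.
from ipaddress import ip_address, ip_network

class Firewall:
    def __init__(self, rules):
        # rules: {interface: [(action, dst_network, dst_port or None), ...]}
        self.rules = rules
        self.states = set()  # established flows: (src, sport, dst, dport)

    def packet_in(self, iface, src, sport, dst, dport):
        """Return (verdict, reason) for a packet arriving IN on iface."""
        flow, reverse = (src, sport, dst, dport), (dst, dport, src, sport)
        # Packets of an existing flow, in either direction, skip the rules.
        if flow in self.states or reverse in self.states:
            return ("pass", "state")
        # Only the arrival interface's tab is consulted; first match wins.
        for action, net, port in self.rules.get(iface, []):
            if ip_address(dst) in ip_network(net) and port in (None, dport):
                if action == "pass":
                    self.states.add(flow)
                return (action, "rule on " + iface)
        return ("block", "default deny")

VPN_CLIENT, LAN_HOST, LAN_NET = "10.8.0.6", "192.168.1.50", "192.168.1.0/24"

def demo():
    out = {}
    # Allow-all on the LAN tab only: the SSH packet arrives on OPENVPN,
    # so the LAN tab is never consulted for it.
    fw = Firewall({"LAN": [("pass", "0.0.0.0/0", None)]})
    out["lan_rule_only"] = fw.packet_in("OPENVPN", VPN_CLIENT, 50000, LAN_HOST, 22)
    # Port 22 rule on the OPENVPN tab, no LAN rules at all.
    fw = Firewall({"OPENVPN": [("pass", LAN_NET, 22)]})
    out["first_packet"] = fw.packet_in("OPENVPN", VPN_CLIENT, 50000, LAN_HOST, 22)
    # The server's reply arrives on LAN and matches the state, not a rule.
    out["reply"] = fw.packet_in("LAN", LAN_HOST, 22, VPN_CLIENT, 50000)
    # A different destination port is a new flow with no matching rule.
    out["other_port"] = fw.packet_in("OPENVPN", VPN_CLIENT, 50001, LAN_HOST, 80)
    return out

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The model covers rule evaluation and state tracking only; routing between the VPN and LAN networks is not modelled.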