Skype routing through OpenVPN



  • Hi

    I have a site-to-site OpenVPN link (pfSense on both sides). I have defined a clear set of rules on what traffic to allow through the VPN.

    User 1 at site A Skypes User 2 at site B. (or vice-versa)
    The Skype call connects over the VPN link. Even if I disable all rules under the OpenVPN interface, it still allows traffic through.

    I enabled logging of all traffic for the firewall and found that this rule is allowing the traffic through:

    pass out log inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself"

    Any pointers or tips on how to get around this? The Skype call really slows the VPN experience (limited bandwidth) and the VPN is only meant for RDP.
    Any help would be appreciated!



  • If there are pass rules on LAN, then the traffic is going to get out of the source end. But if you really disabled all OpenVPN rules on the remote end, then the traffic must be dropped on arrival at the remote pfSense. That should stop any intranet-based Skype connection from being set up, and Skype should end up finding its way out to public internet Skype servers to make the connection.

    If you are just using the site-to-site OpenVPN for traffic to servers at other sites (like you say, using RDP, or file-shares or…) then you can make the rules on LAN to pass to just those remote server IPs and block to the rest of the remote intranet subnet/s. And similar rule/s on the OpenVPN incoming at the end for good measure. That should stop client-to-client stuff across the OpenVPN.


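The rule layout suggested in the reply above, written out in pf syntax as an added example (not from the original posts, and not an export from either pfSense box). Interface names, subnets and the server address are constructed placeholders, and RDP is assumed to be on its default TCP port 3389.

```pf
# --- Constructed placeholder values, adjust to the real sites ---
lan_if      = "em1"                  # site A LAN interface (assumed name)
vpn_if      = "ovpns1"               # site B OpenVPN interface (assumed name)
site_a_net  = "192.168.10.0/24"      # site A LAN subnet (constructed)
site_b_net  = "192.168.20.0/24"      # site B LAN subnet (constructed)
rdp_servers = "{ 192.168.20.10 }"    # remote hosts users may reach (constructed)

# ---------------- Site A firewall: LAN interface ----------------
# 1. Allow RDP from the local LAN to the named remote servers only.
pass in quick on $lan_if inet proto tcp \
    from $site_a_net to $rdp_servers port 3389 flags S/SA keep state

# 2. Drop (and log) everything else headed for the remote subnet.
#    This is what keeps client-to-client traffic such as a direct
#    Skype call from entering the tunnel at the source end.
block in log quick on $lan_if inet from $site_a_net to $site_b_net

# 3. The existing general LAN rule stays below the two rules above,
#    so Internet-bound traffic is unaffected.
pass in on $lan_if inet from $site_a_net to any flags S/SA keep state

# -------------- Site B firewall: OpenVPN interface --------------
# 4. Same restriction on arrival, for good measure.
pass in quick on $vpn_if inet proto tcp \
    from $site_a_net to $rdp_servers port 3389 flags S/SA keep state

# 5. Anything else arriving over the tunnel is dropped and logged.
block in log quick on $vpn_if inet all
```

Filtering is applied where a packet enters a firewall (LAN at the source site, the OpenVPN interface at the destination site). The logged "pass out ... from firewall host itself" rule is matched on the way out, so it cannot be used to restrict the call.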