That's not an option. Rules are rules, and it should be blocking the traffic. All of my other rules on other interfaces work as expected.

Can someone tell me if this is a bug?


-Kyle

Rob Terhaar wrote:
How about if you take all the rules out for the openvpn connection, reboot the system, and see what your firewall does then?



On 9/12/06, Kyle Mott <[EMAIL PROTECTED]> wrote:

    I've attached a JPG. Even with that ACL, I can get to RDP on my main
    box on the LAN interface from any OVPN client. I followed the HowTo,
    but the HowTo says to leave everything open for testing. After I got
    done with testing, I removed the "generic" rules, and tried to only
    allow access to specific hosts/ports/protocols, which doesn't seem to
    be working as I would expect.


    -Kyle

    Rob Terhaar wrote:
     > Did you follow the howto on the wiki to get openvpn setup?
     > What does your firewall ruleset look like for your openvpn
     > interface on the pfsense?
     >
     >
     >
     > On 9/12/06, Kyle Mott <[EMAIL PROTECTED]> wrote:
     >
     >     Hi,
     >
     >     I'm noticing that no matter what kind of block statements I
     >     put on my LAN or TUN0 interface, my OpenVPN clients can always
     >     get to anything they want on the LAN interface (and vice versa).
     >     Is this normal behaviour? I was hoping to have a bit more
     >     granular control over what clients can access when they are
     >     connected. I'm running RC2.
     >
     >
     >
     >     -Kyle
     >
     >     ---------------------------------------------------------------------
     >     To unsubscribe, e-mail: [EMAIL PROTECTED]
     >     For additional commands, e-mail: [EMAIL PROTECTED]
     >
     >





