have you tried out the latest nightly? :D
On 9/20/06, Kyle Mott <[EMAIL PROTECTED]> wrote:
Do we have any more info about this? Is it a bug?

-Kyle

Kyle Mott wrote:
> No, that's not the case :D. All I did was follow the HowTo, and then
> modify the ACL's.
>
> -Kyle
>
> Rob Terhaar wrote:
>
>> ok perhaps this is a stupid question, but can you provide more
>> information about your test case setup? ...erm more specifically,
>> you're not trying to test the vpn connection while you're connected to
>> the local lan side of your pfsense box?
>>
>> On 9/13/06, *Kyle Mott* <[EMAIL PROTECTED]> wrote:
>>
>> I removed all of the rules on my TUN0 interface, and it still let me get
>> anywhere on the LAN when connected remotely. :<
>>
>> -Kyle
>>
>> Holger Bauer wrote:
>> > We are trying to find out. So do what was suggested, delete all
>> > rules and reboot. If you still have full access on the openvpn
>> > interface it might be a bug or a limitation (which I can't say for
>> > sure right now).
>> >
>> > Holger
>> >
>> >>-----Original Message-----
>> >>From: Kyle Mott [mailto:[EMAIL PROTECTED]]
>> >>Sent: Wednesday, September 13, 2006 10:09 PM
>> >>To: [email protected]
>> >>Subject: Re: [pfSense Support] OpenVPN Clients and FW ACL's
>> >>
>> >>That's not an option. Rules are rules, and it should be blocking the
>> >>traffic. All of my other rules on other interfaces work as expected.
>> >>
>> >>Can someone tell me if this is a bug?
>> >>
>> >>-Kyle
>> >>
>> >>Rob Terhaar wrote:
>> >>
>> >>>How about if you take all the rules out for the openvpn connection,
>> >>>reboot the system, and see what your firewall does then?
>> >>>
>> >>>On 9/12/06, *Kyle Mott* <[EMAIL PROTECTED]> wrote:
>> >>>
>> >>> I've attached a JPG. Even with that ACL, I can get to RDP on my main
>> >>> box on the LAN interface from any OVPN client. I followed the HowTo,
>> >>> but the HowTo says to leave everything open for testing. After I got
>> >>> done with testing, I removed the "generic" rules, and tried to only
>> >>> allow access to specific hosts/ports/protocols, which doesn't seem to
>> >>> be working as I would expect.
>> >>>
>> >>> -Kyle
>> >>>
>> >>> Rob Terhaar wrote:
>> >>> > Did you follow the howto on the wiki to get openvpn setup?
>> >>> > what does your firewall ruleset look like for your openvpn
>> >>> > interface on the pfsense?
>> >>> >
>> >>> > On 9/12/06, *Kyle Mott* <[EMAIL PROTECTED]> wrote:
>> >>> >
>> >>> > Hi,
>> >>> >
>> >>> > I'm noticing that no matter what kind of block statements I put
>> >>> > on my LAN or TUN0 interface, my OpenVPN clients can always get to
>> >>> > anything it wants on the LAN interface (and vice versa). Is this
>> >>> > normal behaviour? I was hoping to have a bit more granular
>> >>> > control over what clients can access when they are connected.
>> >>> > I'm running RC2.
>> >>> >
>> >>> > -Kyle
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
