Re: [pfSense] Firewall rules on OpenVPN interface

2018-05-07 Thread Steve Yates
What is the purpose of the VPN?  For instance if you are only accessing 
one remote network you could set up a rule to allow only the remote subnet.  
Blocking private subnets would block 10.x.x.x, 192.168.x.x, etc.  Blocking 
bogons blocks unassigned IP ranges that shouldn't have traffic yet.

--

Steve Yates
ITS, Inc.

-Original Message-
From: List  On Behalf Of Antonio
Sent: Sunday, May 6, 2018 4:34 AM
To: pfSense Support and Discussion Mailing List 
Subject: [pfSense] Firewall rules on OpenVPN interface

Hi,

I was wondering if the "*Block private networks and loopback addresses*"
and "*Block bogon networks*" should be ticked for the interface I have
created for my OpenVPN client?

Do I need to allow incoming requests on that interface? I copied the
configuration from the internet to connect to my VPN provider but it
gave no detail around these options. You would expect the link to be
secure and I guess the only risk is if the VPN provider sends requests
to my internal network?

Thanks

-- 


Respect your privacy and that of others, don't give your data to big 
corporations.
Use alternatives like Signal (https://whispersystems.org/) for your messaging 
or 
Diaspora* (https://joindiaspora.com/) for your social networking.

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] DNS configurazione under VPN

2018-05-07 Thread Stephane Bouvard

Hi,

Try this:

- Create a gateway group (System / Routing / Gateway Groups) with VPN 
Gateway as Tier 1 and WAN Gateway as Tier 2

- Use this gateway group as outgoing gateway (in my config, I use a LAN 
Firewall rule with the created gateway group, and I use LAN as outgoing 
interface for my DNS Resolver).

In any case, if you configure your DNS Resolver to use the LAN interface 
as outgoing interface, the DNS Resolver should use the same routing as 
your computer, VPN or not.

On 07-05-18 at 01:09, Antonio wrote:

After messing around for much of the weekend and reading a bit here and
there I have made one small step to achieving my goal. Basically, I am
able to bind the DNS Resolver to the VPN interface by selecting it
under "Outgoing Network Interfaces". This way all traffic goes through the
VPN tunnel, including DNS queries. In fact, when I go on dnsleaktest.com,
I do not have any leaks and this is very positive.

The only problem is that when the VPN link fails, then I cannot resolve
DNS queries anymore on my LAN devices. So, what I need to do now, is
understand how I can achieve this automatically, i.e. when the VPN link
comes up, it tells the DNS Resolver to route through the VPN tunnel;
when the VPN link is down, it tells the DNS Resolver to route the DNS
queries through the LAN interface. Any suggestions?

--
Kind regards...

 _  Want to focus on your core business?
(_'We manage and monitor your servers for you
,_)téphane Bouvard   http://www.myown.eu