Discussion:
[pfSense] Firewall rules on OpenVPN interface
Antonio
2018-05-06 09:33:50 UTC
Hi,

I was wondering if the "*Block private networks and loopback addresses*"
and "*Block bogon networks*" should be ticked for the interface I have
created for my OpenVPN client?

Do I need to allow incoming requests on that interface? I copied the
configuration from the internet to connect to my VPN provider but it
gave no detail around these options. You would expect the link to be
secure and I guess the only risk is if the VPN provider sends requests
to my internal network?

Thanks
--
Respect your privacy and that of others, don't give your data to big corporations.
Use alternatives like Signal (https://whispersystems.org/) for your messaging or
Diaspora* (https://joindiaspora.com/) for your social networking.
Steve Yates
2018-05-07 16:35:28 UTC
What is the purpose of the VPN? For instance if you are only accessing one remote network you could set up a rule to allow only the remote subnet. Blocking private subnets would block 10.x.x.x, 192.168.x.x, etc. Blocking bogons blocks unassigned IP ranges that shouldn't have traffic yet.

--

Steve Yates
ITS, Inc.
