Hi there,
I am using 24.x and I have about 10 different OpenVPN setups currently running. They are quite relaxed and have general firewall rules that allow them specific access to/from different networks.
Now for the first time I will have an OpenVPN access to a third party where I need maximum security.
I was hoping to simply set a firewall rule that says "OpenVPN Configuration userXYZ" => block *ALL*. And then allow that user to *only* have traffic to an internal IP address on a specific port.
However intuitively I haven't found a way to do this in the UI, as all OpenVPN connections are grouped together in the fw rules.
In the docs it says:
"Tip: In order to use features as policy based routing or manual routes, you can assign the underlying devices and use them in a similar fashion as physical interfaces."
I am not sure if that means I can assign a "network"/similar to one specific OpenVPN instance and thus enable me to simply select that specific instance in the fw rules?
-
P.S.: I know I can glue together a fw rule by going via IPs. But I want a really robust solution that *never* allows traffic for that third party, even in case of a misconfiguration or configuration change. Also, since in this instance I am *dialing out* to an OpenVPN server (I am the OVPN client), I have no control over the transfer networks involved.
Any help would be greatly appreciated.
Thanks!