OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: chemlud on May 26, 2018, 04:50:47 pm

Title: openVPN tunnel connects to WAN port from OPT1 - although port on WAN blocked
Post by: chemlud on May 26, 2018, 04:50:47 pm
Hi again!

I know, this is most likely a feature, not a bug, but would book this under "unexpected behaviour", so just as a "heads up" to everybody :-)

Have an OPNsense (up to date i386 nano with LibreSSL flavour). As I use it for traveling, it has preconfigured openVPN tunnels, employing DYNDNS for the target servers running on other OPNsenses and one remaining pfsense (x64, latest updates installed).

All doing fine. Can reach the subnet I want to reach at a specific pfsense when traveling, but was really surprised that I could reach the openVPN server as well as clients in the LAN subnet

- when the OPNsense is BEHIND the pfsense, but in a different subnet (OPT1), than the subnet attached to tunnel (LAN)
- with a WAN firewall rule BLOCKING access to the specific port the openVPN server is listening.

Really a surprise to me at first sight, but then I remembered that you can reach the GUI from LAN when entering the WAN-IP in the browser (if not specifically blocked).

So the access to the specific WAN port is NOT blocked for access via this OPT1 network.

Will hopefully soon switch this remaining pfsense to OPNsense, but likely have to expect the same behaviour, as the openVPN traffic is hitting the WAN address not via the WAN interface, which has the block rule, or? :-)
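
The behaviour described in the post above, as an added example that is not part of the original post or of either project's code: pfSense and OPNsense evaluate interface rules on the interface where a packet enters, so a block rule on the WAN tab never sees traffic that arrives on OPT1, even when its destination is the WAN address. The model below is simplified (destination and port only, first match wins, no source, protocol or state), and the WAN address, port 1194 and the allow-all rule on OPT1 are assumptions, since the post does not give them.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

WAN_ADDR = "198.51.100.10"   # constructed WAN address (documentation range)
VPN_PORT = 1194              # assumed OpenVPN port; the post does not state it

@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    iface: str                  # interface the rule is attached to (ingress side)
    dst: str                    # destination network in CIDR notation
    port: Optional[int] = None  # None matches any destination port

@dataclass(frozen=True)
class Packet:
    in_iface: str               # interface the packet arrives on
    dst: str
    dport: int

def evaluate(rules, pkt):
    """Return the action of the first rule on the ingress interface that matches."""
    for r in rules:
        if r.iface != pkt.in_iface:
            continue            # rules on other interfaces are never consulted
        if ip_address(pkt.dst) not in ip_network(r.dst):
            continue
        if r.port is not None and r.port != pkt.dport:
            continue
        return r.action
    return "block"              # default deny when nothing matches

# Ruleset as described: VPN port blocked on WAN, OPT1 assumed to allow everything.
ORIGINAL = [
    Rule("block", "wan", WAN_ADDR + "/32", VPN_PORT),
    Rule("pass", "opt1", "0.0.0.0/0"),
]
# Mitigation: block the same destination on OPT1, placed above the allow rule.
HARDENED = [Rule("block", "opt1", WAN_ADDR + "/32", VPN_PORT)] + ORIGINAL

FROM_INTERNET = Packet("wan", WAN_ADDR, VPN_PORT)
FROM_OPT1 = Packet("opt1", WAN_ADDR, VPN_PORT)
OPT1_WEB = Packet("opt1", "203.0.113.5", 443)   # unrelated outbound traffic

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("hardened", HARDENED)):
        for pkt in (FROM_INTERNET, FROM_OPT1, OPT1_WEB):
            print(name, pkt.in_iface, pkt.dst, pkt.dport, "->", evaluate(rules, pkt))
```

In the GUI the equivalent of the hardened ruleset is a block rule on the OPT1 tab with the WAN address (or the "This Firewall" alias) as destination, ordered above any broad allow rule.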