Author Topic: OpenVPN + Policy Based Routing + Firewall Rules Question  (Read 2259 times)

crissi

« on: December 03, 2021, 01:58:07 pm »
Hello,
I have a question about understanding firewall rules and policy-based routing over an OpenVPN connection, regarding the following Note from https://docs.opnsense.org/manual/firewall.html:

Quote
Note
When using policy based routing, don’t forget to exclude local traffic which shouldn’t be forwarded. You can do so by creating a rule with a higher priority, using a default gateway.

Please see attached screenshots of my Firewall Rules.

How exactly can I exclude the local traffic which shouldn’t be forwarded to the OpenVPN connection in my case, as I actually just want to allow http / https traffic to internet for the VLAN10 over the specific OpenVPN single gateway?

Reading the Note over and over again just confuses me more…

Thx!
Cheers,
Crissi

franco

« Reply #1 on: December 06, 2021, 09:27:25 am »
Hi crissi,

Since you have a "block access to OPNsense from VLANs" rule, that would be the one that needs a "pass" if you wanted to access OPNsense from the VLAN, because otherwise it would route these requests over to the VPN where they can't be answered. The DNS rule is also in place so it looks like you are good. :)


Cheers,
Franco

crissi

« Reply #2 on: December 07, 2021, 05:44:51 am »
Hi Franco,

Thanks for the update. For me, the part of the Note regarding "using a default gateway" with higher priority is not completely clear.

For example, to understand: if I would like to route a specific client PC not over the VPN gateway and instead over the normal WAN gateway, do I have to add the rule with the higher priority over the VPN gateway "using a default gateway"?

Thx!
Cheers,
Crissi

franco

« Reply #3 on: December 07, 2021, 12:40:54 pm »
Higher priority here means ordered before your other rule so it can "pass" first. In that case you don't select a gateway to keep the default routing behaviour.


Cheers,
Franco
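
The rule ordering discussed in the replies above, as an added example that is not part of the original posts: a simplified first-match model of an interface rule list, comparing the exception-first order with the policy rule placed first. The addresses, the gateway name `VPN_GW`, the specific client PC and the pass rule towards the firewall are constructed assumptions, not values from the thread's screenshots.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addressing; not taken from the thread's screenshots.
VLAN10 = ip_network("192.168.10.0/24")
FIREWALL = ip_network("192.168.10.1/32")    # firewall's own VLAN10 address
CLIENT_PC = ip_network("192.168.10.50/32")  # the one PC that should use WAN
ANY = ip_network("0.0.0.0/0")

def rule(action, src, dst, ports, gateway=None):
    # gateway=None models a rule with no gateway selected (default routing).
    return {"action": action, "src": src, "dst": dst,
            "ports": ports, "gateway": gateway}

def evaluate(rules, src, dst, port):
    """Return (action, gateway) of the first rule matching the packet."""
    for r in rules:
        if (ip_address(src) in r["src"] and ip_address(dst) in r["dst"]
                and port in r["ports"]):
            if r["action"] == "block":
                return ("block", None)
            return ("pass", r["gateway"] or "default")
    return ("block", None)  # nothing matched: implicit deny

local_pass = rule("pass", VLAN10, FIREWALL, {53, 443})
pc_via_wan = rule("pass", CLIENT_PC, ANY, {80, 443})
vpn_policy = rule("pass", VLAN10, ANY, {80, 443}, gateway="VPN_GW")

ORDERED = [local_pass, pc_via_wan, vpn_policy]     # exceptions first
MISORDERED = [vpn_policy, local_pass, pc_via_wan]  # policy rule first

def demo():
    packets = [("192.168.10.20", "192.168.10.1", 443),  # to the firewall
               ("192.168.10.50", "203.0.113.10", 443),  # client PC, web
               ("192.168.10.20", "203.0.113.10", 443),  # other host, web
               ("192.168.10.20", "203.0.113.10", 22)]   # not allowed
    return [(p, evaluate(ORDERED, *p), evaluate(MISORDERED, *p))
            for p in packets]

if __name__ == "__main__":
    for packet, good, bad in demo():
        print(packet, "ordered:", good, "misordered:", bad)
```

With the policy rule first, traffic addressed to the firewall itself and the client PC's web traffic are both handed to the VPN gateway; with the exceptions first, they keep default routing.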

crissi

« Reply #4 on: December 07, 2021, 08:34:30 pm »
Perfect, thanks Franco for your help!

Cheers,
Crissi

franco

« Reply #5 on: December 08, 2021, 08:57:04 am »
No problem :)