Topic: OpenVPN ignoring Firewall Rules (Read 619 times)
Struntzi (Newbie, Posts: 3, Karma: 0)
OpenVPN ignoring Firewall Rules
on: June 23, 2024, 05:10:26 pm
Hello guys,
I have the following setup in my lab and am having some trouble with the corresponding firewall rules:
- OPNsense as OpenVPN Instance (server) [OPNsense 24.1-amd64] -> 192.168.100.1
- Server 1 connected via .ovpn [Debian 12 Bookworm] -> 192.168.100.240
- Server 2 connected via .ovpn [Debian 11 ] -> 192.168.100.241
- Client [MacOS] -> 192.168.100.105
As you might have noticed, I have some client-specific overrides in place for the IP addresses.
My goal here is that I can communicate freely within the VPN network.
As soon as Server 2 tries to access a service on Server 1, I am prompted with a "Default deny / state violation rule" message in the live view of the firewall rules.
I placed rules on the VPN interface itself, in the OpenVPN group and even on the WAN interface, and disabled "Block private networks" there for testing.
But none of the rules are working, or being matched.
I have even tested any/any rules, as well as rules just for the /24 subnet of the VPN.
But it seems OPNsense just ignores my rules.
dcvtss (Newbie, Posts: 2, Karma: 0)
Re: OpenVPN ignoring Firewall Rules
Reply #1 on: July 12, 2024, 12:16:30 am
I'm having a similar issue, it's been driving me crazy. I'm trying to set up an OpenVPN road-warrior server that allows clients to access a single VLAN. I can send traffic into the VLAN from the clients, but traffic coming out gets blocked with a "Default deny / state violation rule", and the rule number being referenced is my final "pass to anywhere" rule. I checked the FW state table and there is none for my VPN traffic. There is something weird going on with the FW states for OpenVPN: I can SSH to a server and do CLI stuff via the VPN client but can't load any web pages.
I've tried about everything I can think of: giving both the VLAN and OpenVPN interfaces wide-open firewall rules, using the CIDR for the VPN network instead of the built-in alias, using legacy OpenVPN "server" instead of "instances", assigning an interface for the OpenVPN server and adding the FW rules there, adding NAT even though I shouldn't need it, creating a pass-all rule on the loopback interface, probably some other things I've forgotten, but it just won't work.
Last Edit: July 12, 2024, 12:19:28 am by dcvtss

dcvtss (Newbie, Posts: 2, Karma: 0)
Re: OpenVPN ignoring Firewall Rules
Reply #2 on: July 12, 2024, 03:46:19 pm
My issue ended up being the MTU setting; lowering it made everything work. What led me to finally figure it out was noticing that only tiny SSH packets were making it through; even trying to run 'top' via SSH failed.
You may want to investigate the setting. Good luck.
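The symptom in the reply above (small SSH packets pass, large ones such as web pages or 'top' output never arrive) is the classic signature of a path-MTU problem rather than a firewall rule problem. The following script is an added example, not code from the thread or from OPNsense: it probes the path MTU from a Linux VPN client with Don't-Fragment pings and derives a conservative tun-mtu and mssfix value for the .ovpn file. It assumes Linux ping (-M do), a placeholder peer address, and an assumed 100-byte headroom for UDP/OpenVPN encapsulation, which you should tune for your cipher.

```shell
#!/bin/sh
# Path-MTU probe for an OpenVPN link (added example; assumes Linux ping with -M do).
# A DF ping that exceeds the path MTU is dropped, so a binary search over the
# payload size finds the largest packet that still gets through.

# probe_ok HOST SIZE: succeed if a single DF ping with SIZE payload bytes is answered.
probe_ok() {
    ping -c 1 -W 1 -M do -s "$2" "$1" >/dev/null 2>&1
}

# largest_payload HOST LOW HIGH: print the largest payload in [LOW, HIGH] that
# probe_ok accepts (0 if even LOW fails). Assumes success is monotone in size.
largest_payload() {
    host=$1; lo=$2; hi=$3; best=0
    while [ "$lo" -le "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if probe_ok "$host" "$mid"; then
            best=$mid; lo=$(( mid + 1 ))
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$best"
}

# path_mtu HOST: payload plus 20-byte IPv4 header plus 8-byte ICMP header.
path_mtu() {
    p=$(largest_payload "$1" 500 1472)
    echo $(( p + 28 ))
}

# suggest_mtu PATH_MTU: tun-mtu with an assumed 100-byte allowance for the
# UDP/OpenVPN encapsulation; mssfix keeps TCP segments below that.
suggest_mtu() {
    tun=$(( $1 - 100 ))
    echo "tun-mtu $tun"
    echo "mssfix $(( tun - 40 ))"
}

# Usage: sh pmtu.sh <vpn-peer-address>, e.g. the OpenVPN server's tunnel IP.
if [ $# -ge 1 ]; then
    pmtu=$(path_mtu "$1")
    echo "path MTU towards $1: $pmtu"
    echo "suggested .ovpn lines:"
    suggest_mtu "$pmtu"
fi
```

If the probe reports a path MTU well below 1500, add the suggested lines to the client profile (or lower the MTU on the OPNsense instance) and re-test before touching any more firewall rules.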