OpenVPN Server Firewall Settings

kalutes

Cadet
Joined
Oct 13, 2021
Messages
7
I'm using the built-in OpenVPN service to host a server and am able to connect just fine. I'm stuck on figuring out how to set up the firewall rules to allow VPN clients to access other devices in my local network.

For Core, this is done using ipfw and setting some values in /etc/rc.conf (example in this guide: https://www.truenas.com/community/t...envpn-inside-a-jail-in-freenas-11-1-u1.61681/)

ipfw:
Code:
#!/bin/sh
# Find the jail's epair interface
EPAIR=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep epair)
# Flush existing rules, then NAT VPN-client traffic (10.8.0.0/24) via the epair
ipfw -q -f flush
ipfw -q nat 1 config if ${EPAIR}
ipfw -q add nat 1 all from 10.8.0.0/24 to any out via ${EPAIR}
ipfw -q add nat 1 all from any to any in via ${EPAIR}

# Rename the OpenVPN tun device to tun0
TUN=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep tun)
ifconfig ${TUN} name tun0


rc.conf:
Code:
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/usr/local/etc/ipfw.rules"


For Linux distributions besides SCALE, this seems to usually be done by using "firewall-cmd".

Can anyone help on how to set up the firewall properly on SCALE? I'm running 21.08 beta 2.

Thanks!
 

li_chang

Dabbler
Joined
May 31, 2017
Messages
35
Hi, if your OpenVPN device type is tun (IP layer), and let's say you have a local LAN on 192.168.88.0/24, I think you should put
push "route 192.168.88.0 255.255.255.0"
in the additional parameters of the OpenVPN server settings page.

And set up a route somewhere in your router as:
dst-addr: ovpn ip pool
gateway: truenas ip
 

Attachments: TrueNAS_setup.png, Router_setup.png
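The routed setup described in the reply above, modeled as an added example that is not part of either post: it builds the push directive for the LAN and checks whether a LAN device's reply to a VPN client finds its way back through the router. The 192.168.88.0/24 LAN and 10.8.0.0/24 pool are taken from the thread; the router and TrueNAS host addresses are assumptions.

```python
import ipaddress

# Constructed topology: the LAN and VPN pool values appear in the thread;
# the router and TrueNAS host addresses below are assumptions.
LAN = ipaddress.ip_network("192.168.88.0/24")
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")
TRUENAS = ipaddress.ip_address("192.168.88.10")  # assumed OpenVPN server host

def push_directive(net):
    """OpenVPN 'push route' line telling clients to send `net` via the tunnel."""
    return f'push "route {net.network_address} {net.netmask}"'

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs; None if no route."""
    dst = ipaddress.ip_address(dst)
    matches = [(n, gw) for n, gw in routes if dst in n]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def reply_reaches_vpn(router_routes, client_ip):
    """Trace a LAN device's reply to a VPN client.

    The LAN device has no route for the pool, so the reply goes to its
    default gateway (the router). It only re-enters the tunnel if the
    router forwards the pool to the TrueNAS host.
    """
    return next_hop(router_routes, client_ip) == TRUENAS

def check_plan(router_routes):
    """Return a list of problems with the routed (non-NAT) setup."""
    problems = []
    if LAN.overlaps(VPN_POOL):
        problems.append("VPN pool overlaps the LAN subnet")
    if not reply_reaches_vpn(router_routes, VPN_POOL.network_address + 6):
        problems.append(f"router needs: dst {VPN_POOL} via {TRUENAS}")
    return problems

WAN_GW = "upstream"  # placeholder for the router's own default route
before = [(ipaddress.ip_network("0.0.0.0/0"), WAN_GW)]
after = before + [(VPN_POOL, TRUENAS)]

if __name__ == "__main__":
    print(push_directive(LAN))
    print("without static route:", check_plan(before))
    print("with static route:   ", check_plan(after))
```

Without the static route the router sends replies for the pool out its default route, which is why clients can connect but cannot reach LAN devices unless the server NATs their traffic as the ipfw rules do.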