Hi everyone!
I currently have IPFire with firewall rules so that OpenVPN users cannot browse the internet and can only access the OpenVPN network. However, I require users to be able to browse the internet through each other’s local ISP users. Is this possible?
Can you set up a firewall rule?
VPN network NAT to GREEN network allow
or
VPN network NAT to RED block
Do not push redirect-gateway def1 in the advanced settings of the OpenVPN server or in the client.ovpn configuration file. See the documentation, quote:
Pushing the redirect-gateway option to clients will cause all IP network traffic originating on client machines to pass through the OpenVPN server
Pushing this option means that ALL the network traffic of the client will be directed through the tunnel and if you do not allow access to the red interface, the internet connection will drop as soon as the client connects to the OpenVPN interface, which is not what you want.
Keep in mind that addressing all the traffic to the tunnel could also be set locally, outside the OpenVPN Connect client but from the OS itself. I am not 100% certain but I believe Android has such an option.
OpenVPN for Android has a checkbox to make everything go through the VPN tunnel. Default is unchecked if I remember correctly.
Just checked and it is off by default.
Second option: VPN network NAT to RED block
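
For the redirect-gateway advice given earlier in the thread, here is an added example (not part of any post above, and not IPFire or OpenVPN project code) that audits an OpenVPN server or client configuration for directives deciding whether all client traffic is sent through the tunnel. The function names, the sample configurations and the host vpn.example.org are constructed for illustration; parsing is simplified to one directive per line.

```python
import shlex

OPTION = "redirect-gateway"

def find_gateway_redirects(config_text):
    """Return (line_no, kind, line) for each directive affecting default-route redirection.

    kind: 'local'    - the config itself sets redirect-gateway
          'pushed'   - a server config pushes it to its clients
          'filtered' - a client pull-filter drops a pushed redirect-gateway
    """
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or commented-out directive
            continue
        try:
            tok = shlex.split(line, comments=True)
        except ValueError:                    # unbalanced quotes: skip, not parsed here
            continue
        if not tok:
            continue
        if tok[0] == OPTION:
            findings.append((line_no, "local", line))
        elif tok[0] == "push" and len(tok) > 1 and tok[1].startswith(OPTION):
            findings.append((line_no, "pushed", line))
        elif (tok[0] == "pull-filter" and len(tok) > 2
              and tok[1] in ("ignore", "reject")
              # pull-filter matches by prefix of the pushed option text
              and (tok[2].startswith(OPTION) or OPTION.startswith(tok[2]))):
            findings.append((line_no, "filtered", line))
    return findings

def tunnel_mode(config_text):
    """Classify a config: full-tunnel, split-tunnel, or decided by the other side."""
    kinds = {kind for _, kind, _ in find_gateway_redirects(config_text)}
    if kinds & {"local", "pushed"}:
        return "full-tunnel"
    if "filtered" in kinds:
        return "split-tunnel"
    return "depends-on-peer"

# Constructed sample configurations (not taken from the thread).
SERVER_PUSHING = 'port 1194\nproto udp\npush "redirect-gateway def1"\n'
SERVER_SPLIT = ('port 1194\nproto udp\n;push "redirect-gateway def1"\n'
                'push "route 10.0.0.0 255.255.255.0"\n')
CLIENT_FILTERED = ('client\nremote vpn.example.org 1194\n'
                   'pull-filter ignore "redirect-gateway"\n')

if __name__ == "__main__":
    for name, cfg in [("server-pushing", SERVER_PUSHING), ("server-split", SERVER_SPLIT),
                      ("client-filtered", CLIENT_FILTERED)]:
        print(name, tunnel_mode(cfg), find_gateway_redirects(cfg))
```

A result of depends-on-peer means the file itself neither forces nor blocks redirection, so the outcome is set by the server's pushes or by an OS or app-level "route everything through VPN" setting such as the one mentioned for Android.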