Hi, i have small problems with OpenVPN connections at the firewall.
Current state is that everything works fine!
I have running instance of ovpn server and few windows/linux clients successfully connecting to it.
About firewall.
In filter i had to explicitly permit source addresses (from vpn pool) used by vpn clients
I had to put them there to enable communication between established vpn connections and local services. In the other words, all clients can connect to VPN, but without firewall rules permitting addresses used by vpn clients, LAN is not reachable for VPN users. They establish tunnel, they get IP address and gateway, but cant reach anything on local network.
I tried to bind vpn connections to bridge-local, which i use for all other interfaces, but without any success. I even created static ovpn-server-bindings and then tied them to the bridge, no success. And even if that would work, with more like 5 users, i would rather permit acces for addresses from some pool, than creating shitload of server-bindings for bridge.
Ovpn server alone is tied to that bridge (by option bridge), same result.
So finally a question. What is correct firewall policy for maintaining dynamic OVPN connections? Thanks.