Posted: Thu May 04, 2017 14:30 Post subject: Open VPN Client and Firewall help
Hello All,
I have tried searching on Google but can't get a straight answer. I am very new at this stuff. I currently use IPVanish for my VPN. I set it up using the OpenVPN setting on Brainslayer's latest build on a WRT1900AC V1 router. Everything is running well. Question is, with the setup, it tells me to disable the SPI Firewall setting and enable it under the OpenVPN setting. All good there.
Question is, with it set up like this, are the devices not going through the VPN protected by a firewall still? And if not, how do I do it? I have a couple media streamers that need to use my normal IP.
Ye gods, No! I've never heard of disabling the SPI firewall for VPN. The only thing "protecting" you is the VPN provider's firewall on the other end of the tunnel!
Let OpenVPN configure the SPI firewall for itself. My Mullvad VPN works fine with SPI enabled on the Security tab and Firewall Protection enabled on the VPN tab. Everything goes through the tunnel, and I added a firewall to block br0->WAN traffic just in case the VPN tunnel goes down.
Thus I found it reassuringly necessary to bypass the VPN for VoIP traffic and my cable modem UI.
Thank you for the reply. Just to clarify: I have firewall enabled under the OpenVPN setting / tab. Under the security tab, firewall tab, the online tutorials I found say to disable "SPI Firewall" and enable it under the OpenVPN setup tab. This makes me think that if I have any devices outside of the VPN, they may not be protected by the firewall. Do you follow what I am trying to say?
Yup, I follow you. I see the SPI firewall thing now in some of the VPN providers' tutorials. I am stubbornly skeptical. IMHO disabling the SPI firewall is a tech support cure-all for improperly configured firewalls. I've got Mullvad VPN, and nowhere in their DD-WRT client configuration guide did they have me disable the SPI firewall. I cringe just thinking about it.
Edit: to be clear, no, I do not believe your VPN-bypassed devices have firewall protection with the SPI firewall disabled. I hope someone will correct me if I'm misinformed.
_________________
[Broadcom] Asus rt-ac66u r35531 ('66 should only be factory reset through the DD UI)
Fix RT-AC66U "wl1 [2.4 GHz TurboQAM]". DD-WRT failsafe UI @ http|https://169.254.255.1/