I’m trying to use web content filter on VPN clients, but it seems it’s not possible to configure this from the GUI.
nethserver version: 6.8
OpenVPN must stay in routed mode, I don’t want to use it as bridged mode
VPN is working and option “Route all client traffic through VPN” is ticked
web content filter is in transparent mode and works for green networks
I think I tried every configuration possible to get it working but no success.
I would like to know if it’s the expected behaviour and if it’s possible to do this (maybe with iptables but I’m not an expert, iptables -L gives a lot of entries).
Thanks a lot for your help and sorry about my English.
In NS 7b2, the firewall rule should work with “Source: Role VPN”, but for me it doesn’t work at the moment (I think I should do a new clean installation; I made a lot of tests on the current installation and maybe this is the problem).
Indeed I didn’t know it was a bug, after installing ipsec from software center I have vpn role in the source or destination.
Then I have the error if I try to apply the rule, resolved by installing the firewall package from testing.
But the problem still remains… web content filter is not applied to OpenVPN clients in routed mode.
I think it’s the “normal” behaviour of nethserver (I’m waiting for Gabriel to confirm if it was working for him in routed mode).
Sorry @xeon33, @giacomo for my late answer, but I had a busy day (I drove 800 km, about 12 hours only driving, to replace a sensor in 5 minutes).
I’m pretty tired but I want to check before I go to sleep.
So:
VPN: routed mode with Route all client traffic through VPN and Allow client-to-client network traffic, enabled.
I have installed the latest packages for nethserver-firewall-base and nethserver-firewall-base-ui (3.1.0-1.4.gbd9f255).
I have created the firewall rule without issues (as Giacomo said): Gateway -> Firewall rules -> Create rule at bottom:
Enabled: Enabled
Action: Accept
Source: Role VPN
Destination: Role RED
Service: Any
Write to log if this rule matches: Optional
Description: Optional
For this rule, the web content filter is not working. I can browse.
I changed “Destination” to Role GREEN, Role VPN and Firewall: I cannot browse.
I changed “Destination” to Any: I can browse (I think it is near the first case: Role RED + all the others); web content filter is not working.
In any of the cases above, you can block something using the DPI feature.
@GG_jr, big thanks for taking the time after your tiring day!!
@giacomo do you think it’s something that should be implemented in a future release?
If you want, and if most users don’t ask after this change, I can try to have a look, I have some skills in dev.
I think a rule in iptables could do the trick.
You can use web content filtering for VPN clients but only in manual (or authenticated) mode.
I don’t think so, since this is the first time someone has requested such a feature.
But you can implement it yourself with a simple template-custom (not tested):