I followed the video “How To Setup A Peer to Peer / Site to Site VPN Using OpenVPN On pfSense” on YouTube and I successfully established a site to site VPN with OpenVPN as per the video. Now, I’m trying to lock it down to limit access to specific servers (i.e. specific IPs) on the OpenVPN server site. I.e. the OpenVPN client network should only access certain IPs on the OpenVPN server site. Using the video’s IP to talk about it, let’s say I want to limit computers on the 192.168.20.0/24 network to have access to only a specific server, let’s say 192.168.40.11. Where do I put the firewall rules to block everything from the 192.168.20.0/24 network to the 192.168.40.0/24 network except for 192.168.40.11?
Do I add a firewall rule on the 192.168.20.1 pfSense? If so, do I add it on the OpenVPN interface or on the OPT1 interface (Firewall / Rules / OPT1)?
Or, do I add it into the server 192.168.40.1 pfSense? Do I add it to the OpenVPN interface?
I’ve tried adding it to several combinations of the above and it’s still passing my pings. Any help or links would be appreciated.