Stop unrequested incoming VPN traffic

How do I stop the VPN server from initiating requests and accessing my network? I am also looking for any security recommendations for a VPN client. At a minimum, I would like to;

  1. Stop New Incoming Connections from the VPN server but still allow the server to respond to client side request.
  2. Stop the VPN server from accessing anything on the client network.
  3. Any other relevant firewall for VPN client setting or configurations I should think about?

You should be easily be able to achieve the first two objectives by putting the vpn client interface into the wan firewall zone.


If tun0 is the name of the zone which includes the vpn client, then you only need to remove wan zone from forwardings.
One more thing, you probably don't need to masquerade the vpn zone, which seems to be a server for accessing your home network from outside.

1 Like

@trendy I have no home VPN server. I have a subnet of VPN clients ( This is the only subnet that can use the VPN remote server.

Thanks for the clarification, you don't need the masquerade on that zone.

1 Like

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/firewall

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.