Solved

Iptables firewall settings for openvpn

Posted on 2009-04-04
1
1,125 Views
Last Modified: 2013-12-16
I have configured openvpn in fc 6 with routed setup. Now i want to protect my vpn server using iptables firewall.  I have mentioned below my network configuration.

eth0- connected in internet with static ip
eth1- connected in local subnet
tun1- openvpn tunnel interface.

I need some sample iptables rules to protect vpn server from hackers.
0
Comment
Question by:rajasekarramasamy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 19

Accepted Solution

by:
Gabriel Orozco earned 125 total points
ID: 24069844
you need to expose your vpn port to the internet, but after that, the tun interface is not available to anybody on the internet unless they are valid openvpn clients :-)

This said, you only need to assure you accept traffic from the tun interface:

# Needed for openvpn to work:
iptables -A INPUT -i eth0 -p udp --dport 1194 -j ACCEPT

# Access from the VPN to the LAN:
iptables -A FORWARD -i tun+ -o eth1 -j ACCEPT
# Access from the VPN to the firewall exposed apps:
iptables -A INPUT -i tun+ -j ACCEPT


that should be all
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Suggested Courses

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question