Hi,

On Mon, Jan 11, 2016 at 01:06:18PM -0800, Jeff Boyce wrote:
> Now, I don't want to leave my firewall with a default Accept All setting
> on the forwarding chain, so I need to identify a rule specific to the
> packet type / traffic that I want to allow.  I am a little less
> knowledgeable on firewall rules than routing, so if someone could provide
> a suggestion here I would appreciate it.  I tried making a rule that
> allowed all UDP TUN traffic, but that blocked my ping again.  I think
> then I tried adding a port specific rule, but that didn't help either.
> At that point I ran out of time to conduct any additional tests.

You need to allow UDP (for OpenVPN) in the INPUT chain, because that
is consumed by the VPN server (-> INPUT), not forwarded elsewhere.

In the FORWARD chain, the easiest approach - and reasonably secure, unless
you distrust your VPN clients - is to permit everything coming in via
tun0

   iptables -I FORWARD -i tun0 -j ACCEPT

(or similar to this, typing from memory)

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de


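A fuller version of the rule set Gert describes, as an added example that is not from the thread: UDP for OpenVPN accepted in INPUT, tunnel traffic accepted in FORWARD, default-deny otherwise. The port (1194, OpenVPN's default), the interface names tun0/eth0 and the VPN subnet 10.8.0.0/24 are assumptions; override them through the environment.

```shell
#!/bin/sh
# Added example, not from the thread: a minimal default-deny iptables policy
# for an OpenVPN server that forwards client traffic into a LAN.
# Assumed values (override via environment): OpenVPN on UDP/1194 (its default
# port), tunnel interface tun0, LAN interface eth0, VPN client subnet
# 10.8.0.0/24. Set IPT=echo to print the rules instead of applying them.
IPT="${IPT:-iptables}"
VPN_PORT="${VPN_PORT:-1194}"
TUN_IF="${TUN_IF:-tun0}"
LAN_IF="${LAN_IF:-eth0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"

openvpn_firewall_rules() {
    # Default-deny for traffic to and through this host; the host's own
    # outbound traffic stays open.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback, plus replies to connections this host initiated.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # The OpenVPN UDP channel terminates on this host (the daemon consumes
    # it), so it belongs in INPUT, not FORWARD.
    $IPT -A INPUT -p udp --dport "$VPN_PORT" -j ACCEPT

    # Everything arriving from VPN clients over the tunnel, regardless of
    # protocol (so ICMP pings and TCP work too, not only UDP), may be
    # forwarded into the LAN. Matching the source on the VPN subnet drops
    # packets with other source addresses that somehow appear on tun0.
    $IPT -A FORWARD -i "$TUN_IF" -o "$LAN_IF" -s "$VPN_NET" -j ACCEPT

    # Only replies to flows the clients opened go back into the tunnel;
    # LAN hosts cannot initiate connections to VPN clients.
    $IPT -A FORWARD -i "$LAN_IF" -o "$TUN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Apply the policy only when explicitly asked, so sourcing the file is safe.
if [ "${1:-}" = "apply" ]; then
    openvpn_firewall_rules
fi
```

Forwarding also needs net.ipv4.ip_forward=1 and a route (or NAT) on the LAN side back to the VPN subnet; the rules above do not set either.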
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
