====== Firewall - iptables - Configure iptables for openvpn ======

===== Allow tcp connections on the openvpn port =====

  iptables -A INPUT -i eth0 -m conntrack --ctstate NEW -p tcp --dport 1194 -j ACCEPT

**NOTE:** If UDP is needed, change ''-p tcp'' in the rule above accordingly.

  * The same applies if another port number is needed.

----

===== Allow TUN interface connections to OpenVPN server =====

  iptables -A INPUT -i tun+ -j ACCEPT

----

===== Allow TUN interface connections to be forwarded through other interfaces =====

  iptables -A FORWARD -i tun+ -j ACCEPT
  iptables -A FORWARD -i tun+ -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  iptables -A FORWARD -i eth0 -o tun+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

----

===== NAT the VPN client traffic to the Internet =====

  iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

**NOTE:** Change the source network (''10.8.0.0/24'') to match the address and mask shown for **tun0** in the output of the ''ip a'' or ''ifconfig'' commands.

----

===== Allow outbound traffic through the vpn tunnel =====

  iptables -A OUTPUT -o tun+ -j ACCEPT

----

===== Restart iptables =====

  service iptables start
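
The rule set above, parameterised the way the notes describe (protocol, port, VPN subnet, outward-facing interface), as an added example that is not part of the original page. The function names ''emit_rule'' and ''openvpn_rules'' are hypothetical; the script only prints commands, each guarded with ''iptables -C'' so that running the output twice does not append duplicate rules.

```shell
#!/bin/sh
# Added example (not from the original page): print the page's rules for a
# given protocol, port, VPN subnet and outward-facing interface.
# Nothing is applied here; review the output before running it as root.

# emit_rule [-t TABLE] CHAIN SPEC...
# Prints "check || append": -C succeeds if the rule already exists.
emit_rule() {
    table=""
    if [ "$1" = "-t" ]; then table="-t $2 "; shift 2; fi
    chain=$1; shift
    echo "iptables ${table}-C $chain $* 2>/dev/null || iptables ${table}-A $chain $*"
}

# openvpn_rules PROTO PORT SUBNET WAN_IF
# Arguments are validated strictly because they end up inside shell commands.
openvpn_rules() {
    proto=$1 port=$2 subnet=$3 wan=$4
    case $proto in
        tcp|udp) ;;
        *) echo "proto must be tcp or udp" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range" >&2; return 1
    fi
    case $subnet in
        *[!0-9./]*) echo "subnet: unexpected character" >&2; return 1 ;;
        */*) ;;
        *) echo "subnet must be CIDR, e.g. 10.8.0.0/24" >&2; return 1 ;;
    esac
    case $wan in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;;
    esac

    emit_rule INPUT -i "$wan" -m conntrack --ctstate NEW -p "$proto" --dport "$port" -j ACCEPT
    emit_rule INPUT -i tun+ -j ACCEPT
    emit_rule FORWARD -i tun+ -j ACCEPT
    emit_rule FORWARD -i tun+ -o "$wan" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    emit_rule FORWARD -i "$wan" -o tun+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    emit_rule -t nat POSTROUTING -s "$subnet" -o "$wan" -j MASQUERADE
    emit_rule OUTPUT -o tun+ -j ACCEPT
}

# Constructed sample call: UDP variant of the page's values.
openvpn_rules udp 1194 10.8.0.0/24 eth0
```

Compare the printed rules against ''iptables -S'' and ''iptables -t nat -S'' before applying them.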