Firewall - iptables - Configure iptables for openvpn

Firewall - iptables - Configure iptables for openvpn

Allow tcp connections on the openvpn port

iptables -A INPUT -i eth0 -m conntrack --ctstate NEW -p tcp --dport 1194 -j ACCEPT

NOTE: If udp is needed, then change the above accordingly.

The same applies if another port number is needed.

Allow TUN interface connections to OpenVPN server

iptables -A INPUT -i tun+ -j ACCEPT

Allow TUN interface connections to be forwarded through other interfaces

iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o tun+ -m -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

NAT the VPN client traffic to the Internet

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

NOTE: Change the IP address mask according to the info of the tun0 result while running “ip a” or “ifconfig” commands.

Allow outbound traffic through the vpn tunnel

iptables -A OUTPUT -o tun+ -j ACCEPT

Restart iptables

service iptables start

Table of Contents

Firewall - iptables - Configure iptables for openvpn

Allow tcp connections on the openvpn port

Allow TUN interface connections to OpenVPN server

Allow TUN interface connections to be forwarded through other interfaces

NAT the VPN client traffic to the Internet

Allow outbound traffic through the vpn tunnel

Restart iptables