
Firewall - iptables - Configure iptables for openvpn

Allow tcp connections on the openvpn port

iptables -A INPUT -i eth0 -m conntrack --ctstate NEW -p tcp --dport 1194 -j ACCEPT

NOTE: If udp is needed, change "-p tcp" to "-p udp" in the rule above.

  • The same applies if another port number is needed.

Allow TUN interface connections to OpenVPN server

iptables -A INPUT -i tun+ -j ACCEPT

Allow TUN interface connections to be forwarded through other interfaces

iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o tun+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

NAT the VPN client traffic to the Internet

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

NOTE: Change the source network and mask (10.8.0.0/24 above) to match what is shown for tun0 in the output of the “ip a” or “ifconfig” commands.


Allow outbound traffic through the vpn tunnel

iptables -A OUTPUT -o tun+ -j ACCEPT

Restart iptables

service iptables start
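
The notes above say to adjust the protocol, the port and the NAT source network by hand. As an added example (not part of the original page), the script below takes those values as arguments, validates them, derives the network from the tun0 address, and prints the same seven rules for review without applying them. The function names cidr_network and openvpn_rules are hypothetical, and it assumes tun0 shows a subnet-style address such as 10.8.0.1/24.

```shell
#!/bin/sh
# Added example: prints the page's rule set for one setup; applies nothing itself.

# cidr_network ADDR/PREFIX -> NETWORK/PREFIX (10.8.0.1/24 -> 10.8.0.0/24)
cidr_network() {
    addr=${1%/*}; prefix=${1#*/}
    case $prefix in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*|????*) return 1 ;; esac   # reject empty, zero-padded, 4+ digit octets
        [ "$o" -le 255 ] || return 1
    done
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    net=$(( ip & mask ))
    echo "$(( (net >> 24) & 255 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))/$prefix"
}

# openvpn_rules PROTO PORT WAN_IF TUN_ADDR/PREFIX -> the rules from this page, one per line
openvpn_rules() {
    proto=$1 port=$2 wan=$3
    case $proto in tcp|udp) ;; *) echo "proto must be tcp or udp" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*|0*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    # The interface name ends up inside commands, so allow only safe characters.
    case $wan in ''|*[!A-Za-z0-9_.+-]*) echo "bad interface name" >&2; return 1 ;; esac
    vpn_net=$(cidr_network "$4") || { echo "bad tun address: $4" >&2; return 1; }
    cat <<EOF
iptables -A INPUT -i $wan -m conntrack --ctstate NEW -p $proto --dport $port -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o $wan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $wan -o tun+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s $vpn_net -o $wan -j MASQUERADE
iptables -A OUTPUT -o tun+ -j ACCEPT
EOF
}

# Run as: script PROTO PORT WAN_IF TUN_ADDR/PREFIX   (e.g. udp 1194 eth0 10.8.0.1/24)
if [ $# -eq 4 ]; then openvpn_rules "$@"; fi
```

Review the printed rules first; once they look right, the output can be piped to sh as root to apply them.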
firewall/iptables/configure_iptables_for_openvpn.txt · Last modified: 2025/07/29 11:11 by peter
