OpenVPN UFW rules
علی ذوالفقار
1400/08/18 20:34:10 (599)
Forwarding policy
To change the default forwarding policy, edit /etc/sysctl.conf to permanently enable IPv4 packet forwarding. (Note: this takes effect at the next boot.)
sudo vim /etc/sysctl.conf
# Enable packet forwarding
net.ipv4.ip_forward=1
UFW config
Then configure UFW's default forward policy in /etc/default/ufw:
sudo vim /etc/default/ufw
DEFAULT_FORWARD_POLICY="ACCEPT"
UFW before rules
Edit /etc/ufw/before.rules and add the following block after the header and before the “*filter” line. Make the IP/subnet mask match the one in /etc/openvpn/server.conf.
sudo vim /etc/ufw/before.rules
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
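# Allow traffic from OpenVPN client to eth0
# Note: 10.8.0.0/8 has host bits set, so iptables applies it as 10.0.0.0/8 (every 10.x.x.x source).
# Replace it with the exact network/prefix from the "server" line in /etc/openvpn/server.conf.
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE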
COMMIT
# END OPENVPN RULES
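An added example (not part of the original post) that checks the "match the IP/subnet mask" instruction above: it compares the source of the MASQUERADE rule with the `server` directive in server.conf and reports when the NAT rule is wider than the VPN subnet. The sample server.conf line is constructed and assumes the stock `server 10.8.0.0 255.255.255.0`; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: assumes the stock OpenVPN "server" line (not from the page).
SAMPLE_SERVER_CONF = """\
server 10.8.0.0 255.255.255.0  # VPN client pool
"""
# The NAT block as written on this page.
PAGE_RULES = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
"""

def vpn_network(server_conf):
    """Network from OpenVPN's 'server <network> <netmask>' directive, or None."""
    for line in server_conf.splitlines():
        fields = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if len(fields) >= 3 and fields[0] == "server":
            return ipaddress.ip_network(f"{fields[1]}/{fields[2]}")
    return None

def masquerade_sources(rules):
    """(text as written, network iptables applies) per POSTROUTING MASQUERADE rule."""
    found = []
    for line in rules.splitlines():
        if line.strip().startswith("-A POSTROUTING") and "MASQUERADE" in line:
            m = re.search(r"\s(?:-s|--source)\s+(\S+)", line)
            if m:  # strict=False masks host bits, as iptables does
                found.append((m.group(1), ipaddress.ip_network(m.group(1), strict=False)))
    return found

def audit(server_conf, rules):
    """Findings where the NAT source does not equal the VPN subnet."""
    vpn = vpn_network(server_conf)
    if vpn is None:
        return ["no 'server' directive found"]
    sources = masquerade_sources(rules)
    findings = [] if sources else ["no MASQUERADE rule with a -s source"]
    for raw, net in sources:
        if net != vpn and vpn.subnet_of(net):
            findings.append(f"{raw} is applied as {net}, wider than VPN subnet {vpn}")
        elif net != vpn:
            findings.append(f"{raw} ({net}) does not cover VPN subnet {vpn}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_SERVER_CONF, PAGE_RULES)) or "NAT source matches")
```

To audit a real host, pass the contents of /etc/openvpn/server.conf and /etc/ufw/before.rules to `audit()` instead of the embedded samples.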
Enable OpenVPN
Open the OpenVPN port, 1194:
sudo ufw allow 1194
Start UFW
sudo service ufw start