How to put OpenVPN connection behind firewall?

Jojonintendo · 2015-08-13 10:39:58

Hi guys,

I usually find my way around in the wiki, but this time I'm not sure I understand everything.

I'm using some VPN servers out of curiosity (right now VPNBook) and I noticed something I don't like. When I go to ShieldsUP (which I really like, to test my Openwrt firewall configuration for example), I get this when using the VPN:

GRC Port Authority Report created on UTC: 2015-08-13 at 10:19:29

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113, 
                            119, 135, 139, 143, 389, 443, 445, 
                            1002, 1024-1030, 1720, 5000

    2 Ports Open
    1 Ports Closed
   23 Ports Stealth
---------------------
   26 Ports Tested

Ports found to be OPEN were: 80, 443

The port found to be CLOSED was: 113

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - A PING REPLY (ICMP Echo) WAS RECEIVED.

As you can see, 2 open ports and 1 closed. Now if I don't use the VPN:

GRC Port Authority Report created on UTC: 2015-08-13 at 10:20:24

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113, 
                            119, 135, 139, 143, 389, 443, 445, 
                            1002, 1024-1030, 1720, 5000

    0 Ports Open
    1 Ports Closed
   25 Ports Stealth
---------------------
   26 Ports Tested

NO PORTS were found to be OPEN.

The port found to be CLOSED was: 0

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.

Not perfect either, but at least I don't get open ports.

So, with everything I read about VPN I think I get that it "tunnels" through my firewall (in this case, through my Openwrt firewall in the router), which is why it bypasses its secure settings.

Now to the real question, can I put my VPN connection somewhere it could still make use of my Openwrt firewall? Or at least make use of my OS firewall, which seems to be bypassed too? Currently I can only use my Windows 8.1 install, but I plan to experiment on my Arch machines later on.

I could really appreciate your enlightenment on the subject.

(sorry for possible misspells or nonsenses, I'm no native english speaker)

brebs · 2015-08-13 18:32:33

Jojonintendo wrote:

Ports found to be OPEN were: 80, 443

That's on VPNBook's server, not yours. So no, you can't firewall it yourself, because you are not running as root on their server.

Those ports are for a webserver. I wouldn't worry about it.

Jojonintendo · 2015-08-13 18:49:39

I was wondering if there was some way to apply a firewall before the tunnel. But I'm not so sure anymore that this is possible. What if I setup a VPN server right in the router? Would that be possible this way? I'm asking because Openwrt gives so much options that I'm sure I don't use it to its full potential.

Anyway, many thanks for your answer, brebs.

brebs · 2015-08-13 20:41:32

Jojonintendo wrote:

I was wondering if there was some way to apply a firewall before the tunnel

No.

It's between ShieldsUp and VPNBook. Totally beyond your control.

If you think this is a problem for you, then please explain why.

Jojonintendo · 2015-08-13 22:08:42

I don't think it is a problem anymore. It's just that the way ShieldsUP shows the results, it seems bad, and I wanted to know if it was fixable.

Arch Linux

#1 2015-08-13 10:39:58

How to put OpenVPN connection behind firewall?

#2 2015-08-13 18:32:33

Re: How to put OpenVPN connection behind firewall?

#3 2015-08-13 18:49:39

Re: How to put OpenVPN connection behind firewall?

#4 2015-08-13 20:41:32

Re: How to put OpenVPN connection behind firewall?

#5 2015-08-13 22:08:42

Re: How to put OpenVPN connection behind firewall?

Board footer