
#1 2016-03-02 02:08:59

proof
Member
Registered: 2015-05-25
Posts: 19

iptables and openvpn

I am running an Arch firewall with iptables rules. The firewall has OpenVPN running on it and is connected to two other networks.

Currently all of my devices behind the firewall have access to both VPNs.

What would a rule look like that would limit access to my VPNs to only two specific IPs behind the firewall?

Any assistance is appreciated.

Thanks!


#2 2016-03-02 02:40:55

Xyne
Administrator/PM
Registered: 2008-08-03
Posts: 6,963

Re: iptables and openvpn

Do you mean that you are running an OpenVPN server on the firewall, and you want to restrict access to it to 2 IPs on the LAN? If so, the restriction should be at the level of OpenVPN's configuration, but you could add 2 firewall rules: one to accept all UDP(?) packets for OpenVPN's port from the LAN interface if the source is one of those 2 IPs, and one to drop all other packets for that port from the LAN interface.

If you mean that your firewall is running an OpenVPN client connected to a remote VPN, then you should probably provide more information about the setup. Are you routing all traffic from the firewall server through the VPN? What is the goal? To have all traffic from the firewall server and those 2 IPs go to the VPN, and everything else go directly to the WAN?

I haven't played with routing and forwarding enough to give a concrete suggestion, but I expect the answer to be one rule in the FORWARD table to pass those two IPs to the VPN and another to pass the rest to the WAN. Or maybe something with VLANs. Or more obscure wizardry.

*subscribes*


My Arch Linux Stuff | Forum Etiquette | Community Ethos - Arch is not for everyone


#3 2016-03-02 03:15:07

proof
Member
Registered: 2015-05-25
Posts: 19

Re: iptables and openvpn

Thank you for the reply.

The firewall is running an OpenVPN client connected to a remote VPN.

The goal is to allow all traffic behind the firewall access to the WAN, but limit access to the VPN tunnel to two specific IPs on the LAN. For clarification, those two IPs should also have access to the WAN, as they do now.

With my current setup, all IPs behind the firewall can access the WAN and the VPN. I was hoping to drop access to the VPN with the exception of two IPs.

I hope this makes sense.

Thanks again.


#4 2016-03-02 05:39:11

x33a
Forum Fellow
Registered: 2009-08-15
Posts: 4,587

Re: iptables and openvpn

Perhaps drop all traffic to tun0 except for those 2 IPs.

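The rule set Xyne sketches in #2 and x33a condenses in #4 (FORWARD rules that pass two LAN hosts into the tunnel and drop everyone else bound for tun0, while LAN-to-WAN forwarding stays open) looks like the following. This is an added example, not code posted by anyone in the thread; it assumes eth1 is the LAN-facing interface, eth0 the WAN-facing one, tun0 the OpenVPN client tunnel, and the two addresses are constructed sample values. It only generates and (optionally) runs the iptables commands; it does not touch NAT, so whatever MASQUERADE the existing setup already has on tun0 and eth0 is left as is.

```shell
#!/bin/sh
# Added example, not from the thread. Restrict forwarding into the OpenVPN
# client tunnel (tun0, named in post #4) to a short list of LAN hosts while
# leaving every LAN host's path to the WAN untouched.
# Interface names and the two addresses are assumptions / constructed samples.

# Print the iptables commands, one per line, in the order they must be added.
# Usage: vpn_forward_rules LAN_IF VPN_IF WAN_IF ALLOWED_IP...
vpn_forward_rules() {
    lan_if=$1; vpn_if=$2; wan_if=$3; shift 3
    # 1. Reply packets of flows that were already allowed, in either direction.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 2. The permitted LAN hosts may open new flows into the tunnel.
    for ip in "$@"; do
        echo "iptables -A FORWARD -i $lan_if -o $vpn_if -s $ip -j ACCEPT"
    done
    # 3. Everything else from the LAN towards the tunnel is dropped. This rule
    #    must sit after the per-host ACCEPTs: iptables stops at the first match.
    echo "iptables -A FORWARD -i $lan_if -o $vpn_if -j DROP"
    # 4. All LAN hosts (the two above included) still reach the WAN directly.
    echo "iptables -A FORWARD -i $lan_if -o $wan_if -j ACCEPT"
}

# Run the generated commands. With DRY_RUN=1 they are only printed, which is
# also how to review the rules before touching a live firewall.
apply_vpn_forward_rules() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        vpn_forward_rules "$@"
    else
        vpn_forward_rules "$@" | sh -e
    fi
}

# Dry-run demonstration with the constructed sample values.
DRY_RUN=1 apply_vpn_forward_rules eth1 tun0 eth0 192.168.1.10 192.168.1.11
```

Two things to check after applying it. First, ordering: if the existing rule set already carries a blanket ACCEPT in FORWARD, appending these with `-A` puts them behind it and they never match, so either insert them ahead with `-I` or rebuild the chain; `iptables -L FORWARD -v -n --line-numbers` shows both the position and the per-rule packet counters, so a LAN host that should be blocked will light up the DROP counter rather than the ACCEPT ones. Second, scope: these rules only govern forwarded traffic, so the firewall host's own use of the tunnel (the OUTPUT chain) is unaffected, which matches the setup described in #3.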
