openVPN firewall configuration
I finally managed to get openvpn working so that the openvpn clients can also see the LAN clients, so I'll post it here, maybe it will be useful to someone. The snag was in the firewall:
so here is post-firewall, the part concerning openvpn:
192.168.1.X - lan
192.168.2.X - openvpn
port 1234
Code:
#OpenVPN access from WAN
iptables -D INPUT -j DROP
iptables -A INPUT -p udp --dport 1234 -j ACCEPT
iptables -t nat -A PREROUTING -i vlan1 -p udp --dport 1234 -j DNAT --to-destination $4:1234
# Allow TUN interface connections to OpenVPN server
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A OUTPUT -o tun+ -j ACCEPT
# Allow TUN interface connections to be forwarded through other interfaces
# Allow forwarding to/from Vpn-Clients (needed at least for ping)
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -o tun+ -j ACCEPT
# Allow connections from VPN-Clients to LAN-Clients
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o br0 -j MASQUERADE
# Allow connections from LAN-Clients to VPN-Clients
iptables -I FORWARD -i tun+ -o br0 -s 192.168.2.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun+ -s 192.168.1.0/24 -j ACCEPT
# Allow VPN-clients to tunnel internet traffic through VPN-Server
#iptables -I FORWARD -i tun+ -o vlan1 -s 192.168.2.0/24 -j ACCEPT
iptables -A INPUT -j DROP
It's possible there is some small mistake in it, so feel free to fix and extend it, but it works for me.
You also need to enable ip4_forward.
__________________________________________________
WL-500gP Oleg firmware v.1.9.2.7-rtn
vsftp,lighttp,php5,mysql4,samba3,
syslog-ng,rrdtools,cron,openvpn
WD MyBook 250GB
__________________________________________________
OpenSUSE 13.1
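Added example (not part of the original post): a small Python replay of the post's FORWARD rules that reproduces how iptables orders `-A` (append) and `-I` (insert at the top) and reports which rule decides each constructed packet. It shows that the two `-I` rules sit above the catch-all `-A FORWARD -i tun+ -j ACCEPT`, and that this catch-all still accepts VPN-client to WAN forwarding even with the last rule commented out. The interface names, sample addresses and the assumed DROP chain policy are constructed for illustration.

```python
import fnmatch
import ipaddress
import shlex

# Constructed copy of the post's FORWARD rules, in the order the post-firewall
# script executes them (-A appends to the end, -I with no position inserts at the top).
POSTED_RULES = [
    "iptables -A FORWARD -i tun+ -j ACCEPT",
    "iptables -A FORWARD -o tun+ -j ACCEPT",
    "iptables -I FORWARD -i tun+ -o br0 -s 192.168.2.0/24 -j ACCEPT",
    "iptables -I FORWARD -i br0 -o tun+ -s 192.168.1.0/24 -j ACCEPT",
    # the "tunnel internet traffic through VPN-Server" rule stays commented out, as in the post
]


def build_chain(commands):
    """Replay -A/-I commands into the ordered rule list iptables would hold."""
    chain = []
    for cmd in commands:
        argv = shlex.split(cmd)[1:]          # drop the leading 'iptables' word
        rule, action = {}, None
        for flag, val in zip(argv[::2], argv[1::2]):
            if flag in ("-A", "-I"):
                action = flag
            elif flag in ("-i", "-o", "-s", "-j"):
                rule[flag] = val
        if action == "-I":
            chain.insert(0, rule)            # -I without a position means rule 1
        else:
            chain.append(rule)
    return chain


def matches(rule, pkt):
    """Apply the -i/-o/-s matches of one rule; 'tun+' is iptables' prefix wildcard."""
    if "-i" in rule and not fnmatch.fnmatchcase(pkt["in"], rule["-i"].replace("+", "*")):
        return False
    if "-o" in rule and not fnmatch.fnmatchcase(pkt["out"], rule["-o"].replace("+", "*")):
        return False
    if "-s" in rule and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["-s"]):
        return False
    return True


def verdict(chain, pkt, policy="DROP"):
    """Return (target, index of the first matching rule); index None means the chain policy decided."""
    for idx, rule in enumerate(chain):
        if matches(rule, pkt):
            return rule["-j"], idx
    return policy, None
```

Packets are plain dicts such as `{"in": "tun0", "out": "br0", "src": "192.168.2.5"}`; the DROP policy is an assumption, since the post does not show the FORWARD chain policy.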