I have OpenVPN-2.4 running on my Ubuntu 16.04 server, and also running on my clients: dd-wrt router, Windows x64 Pro, and Android 7.1.1.
In my Ubuntu /etc/openvpn/server.conf I have
push "dhcp-option DNS 10.8.0.1"
I want my clients to use the server's iptables rules, set up to block a list of IP addresses.
I have tried several sets of iptables rules in my Ubuntu server /etc/init.d/openvpn file, none of which work. E.g., I try
iptables -A INPUT -s IP -j DROP
delete blacklisted IP
iptables -D INPUT -s IP -j DROP
to test an IP that I can use in one of my client browsers.
I have tried (uncommented iptables lines are used currently):
# iptables -A INPUT -i tun+ -j ACCEPT
# iptables -A FORWARD -i tun+ -j ACCEPT
# iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
# iptables -A OUTPUT -o tun+ -j ACCEPT
## from Linode doc
/sbin/iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
/sbin/iptables -A FORWARD -j REJECT
/sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
/sbin/iptables -A INPUT -i tun+ -j ACCEPT
/sbin/iptables -A FORWARD -i tun+ -j ACCEPT
Otherwise, my VPNs seem to be working fine.
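
An added example, not part of the original post: a blocklist loader that places DROP rules in the FORWARD chain ahead of the broad ACCEPT rule, since packets routed from tunnel clients to outside hosts do not pass through INPUT. `tun+` and `10.8.0.0/24` come from the post; `DRY_RUN`, the function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): blocklist rules for VPN clients.
# tun+ and 10.8.0.0/24 are taken from the post; DRY_RUN, the function names
# and the sample addresses are hypothetical.
VPN_IF="tun+"
VPN_NET="10.8.0.0/24"

# Print the command when DRY_RUN=1 (the default, needs no root); run it otherwise.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then echo "$*"; else "$@"; fi
}

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Read one address per line from stdin and block VPN clients from reaching it.
# Traffic a client sends through the tunnel to an outside host is routed by the
# server, so it traverses FORWARD, not INPUT. -I ... 1 puts each DROP at the
# top of the chain; -A would append it after the existing
# "-A FORWARD -s 10.8.0.0/24 -j ACCEPT" rule, which matches first.
block_for_vpn() {
    while read -r ip rest; do
        case "$ip" in ''|'#'*) continue ;; esac
        if ! valid_ipv4 "$ip"; then
            echo "skipping invalid entry: $ip" >&2
            continue
        fi
        run iptables -I FORWARD 1 -i "$VPN_IF" -s "$VPN_NET" -d "$ip" -j DROP
    done
}

# Constructed sample blocklist (documentation address ranges).
block_for_vpn <<'EOF'
# one address or CIDR per line
203.0.113.7
198.51.100.0/24
EOF
```

Run with `DRY_RUN=0` as root to apply the rules, then confirm their position with `iptables -L FORWARD -n --line-numbers`.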