OpenVPN clients do not access OpenVPN server iptables?

Scripts with setup, destroy, and modify routing tables and firewall rulesets for client connections.

Post by Ingber » Sun Jan 15, 2017 4:45 pm

I have OpenVPN-2.4 running on my Ubuntu 16.04 server, and also running on my clients: dd-wrt router, Windows x64 Pro, and Android 7.1.1.

In my Ubuntu /etc/openvpn/server.conf I have
push "dhcp-option DNS 10.8.0.1"

I want my clients to use the server's iptables rules, set up to block a list of IP addresses.

I have tried several sets of iptables rules in my Ubuntu server /etc/init.d/openvpn file, none of which work. E.g., I try
blacklist IP:
iptables -A INPUT -s IP -j DROP
delete blacklisted IP:
iptables -D INPUT -s IP -j DROP
to test an IP that I can use in one of my client browsers.

I have tried (uncommented iptables lines are used currently):

##https://arashmilani.com/post?id=53
# iptables -A INPUT -i tun+ -j ACCEPT
# iptables -A FORWARD -i tun+ -j ACCEPT
# iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
# iptables -A OUTPUT -o tun+ -j ACCEPT

## from Linode doc
/sbin/iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
/sbin/iptables -A FORWARD -j REJECT
/sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
/sbin/iptables -A INPUT -i tun+ -j ACCEPT
/sbin/iptables -A FORWARD -i tun+ -j ACCEPT

Otherwise, my VPNs seem to be working fine.
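The following script is an added example and is not code from the post above or from the OpenVPN project. It shows one way to do what the post is after on the server side: a dedicated iptables chain that drops traffic from VPN clients to a list of blocked IPv4 addresses. The point it illustrates is that a client's traffic to the Internet is routed through the server, so it passes through the FORWARD chain (matched on destination address), whereas INPUT only sees packets addressed to the server itself. The tunnel interface (tun+), VPN subnet (10.8.0.0/24), chain name (VPN_BLOCKLIST) and the blocklist file format are assumptions of the example, all overridable through environment variables.

```shell
#!/bin/sh
# Added example, not code from the original post. Builds a dedicated iptables
# chain that drops traffic from OpenVPN clients to a list of blocked IPv4
# addresses. Traffic a VPN client sends to the Internet is routed through the
# server, so it traverses the FORWARD chain; INPUT only sees packets addressed
# to the server itself. Assumptions (hypothetical defaults, overridable via
# environment variables): tunnel interface tun+, VPN subnet 10.8.0.0/24, chain
# name VPN_BLOCKLIST.

TUN_IF="${TUN_IF:-tun+}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
CHAIN="${CHAIN:-VPN_BLOCKLIST}"

# Accept only a dotted-quad IPv4 address with an optional /prefix, each octet
# 0-255 and prefix 0-32. Everything else is rejected so that a malformed
# blocklist line cannot turn into an unintended rule.
valid_ipv4() {
    entry="$1"
    echo "$entry" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    addr="${entry%%/*}"
    prefix="${entry#*/}"
    [ "$prefix" = "$entry" ] && prefix=32
    [ "$prefix" -le 32 ] || return 1
    old_ifs="$IFS"; IFS=.
    set -- $addr
    IFS="$old_ifs"
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the iptables commands that (re)build the blocklist chain from a file
# with one address per line (blank lines and '#' comments are ignored).
# Printing rather than executing lets the result be reviewed, diffed or
# tested without root; pipe it into sh to apply.
gen_rules() {
    blocklist_file="$1"
    printf 'iptables -N %s 2>/dev/null || iptables -F %s\n' "$CHAIN" "$CHAIN"
    while read -r line; do
        ip="${line%%#*}"                      # strip trailing comments
        ip="$(echo "$ip" | tr -d '[:space:]')"
        [ -n "$ip" ] || continue
        if valid_ipv4 "$ip"; then
            printf 'iptables -A %s -d %s -j DROP\n' "$CHAIN" "$ip"
        else
            echo "skipping invalid blocklist entry: $line" >&2
        fi
    done < "$blocklist_file"
    printf 'iptables -A %s -j RETURN\n' "$CHAIN"
    # Jump into the chain at the top of FORWARD for client traffic only, so it
    # is evaluated before any blanket ACCEPT of tun+ traffic. Delete a
    # pre-existing jump first so re-running the script does not duplicate it.
    printf 'iptables -D FORWARD -i %s -s %s -j %s 2>/dev/null\n' "$TUN_IF" "$VPN_NET" "$CHAIN"
    printf 'iptables -I FORWARD 1 -i %s -s %s -j %s\n' "$TUN_IF" "$VPN_NET" "$CHAIN"
}

# Number of DROP rules a blocklist file would produce: a sanity check to run
# before applying, e.g. to catch a file where every line was rejected.
count_drop_rules() {
    gen_rules "$1" 2>/dev/null | grep -c -- '-j DROP'
}

# Usage: sh vpn_blocklist.sh --print blocklist.txt   (review the rules)
#        sh vpn_blocklist.sh --apply blocklist.txt   (as root, installs them)
case "${1:-}" in
    --print) gen_rules "$2" ;;
    --apply) gen_rules "$2" | sh ;;
esac
```

After applying, `iptables -L VPN_BLOCKLIST -v -n` shows per-rule packet counters, which is the quickest way to confirm from the server that a client's request to a blocked address actually hit the rule. The chain is not persistent across reboots on its own; it has to be re-created by whatever mechanism restores the rest of the firewall. For a long list, `ipset` with a single `-m set` match rule is the usual replacement for one DROP rule per address.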
