Hey there,
I already searched the forum for an answer, but I couldn't find any solution for my specific problem. So I hope that the great community of OVPN could give me a hint ;o)
I have a fresh Buster installation with OVPN. Installation of OVPN went fine, everything is working, all clients can connect and use the services of the server. But whenever I try to set up a firewall (no matter if I try iptables-legacy or nftables) my clients can connect to the OVPN-Server, but are not able to use all the other services (like DNS with pihole) on the server.
I already tried different settings of nftables.conf with iptables-translate to translate the rules of add-openvpn-rules.sh (specified in /etc/iptables).
Is there any example of how to configure the nftables firewall of Buster so that all the services within the VPN tunnel can be used by the clients?
Any help is appreciated.
Greets mike
OpenVPN with Buster and nftables
Moderators: TinCanTech
-
- OpenVpn Newbie
- Posts: 2
- Joined: Mon Sep 23, 2019 1:21 pm
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: OpenVPN with Buster and nftables
Where are your actual rules?
-
- OpenVpn Newbie
- Posts: 2
- Joined: Mon Sep 23, 2019 1:21 pm
Re: OpenVPN with Buster and nftables
Thanks for your reply.
The rules are in /etc/iptables/rules when I tried firewalling with iptables-legacy with activated add-openvpn-rules.sh service.
And in /etc/nftables.conf when I tried firewalling with nftables with disabled rules.sh service but translated them via iptables-translate to insert them into the nftables.conf.
Both solutions failed as mentioned in the first post.
Thx.mike