OpenVPN with Buster and nftables

Scripts that set up, destroy, and modify routing tables and firewall rulesets for client connections.

Moderators: TinCanTech

mike175de
OpenVpn Newbie
Posts: 2
Joined: Mon Sep 23, 2019 1:21 pm

OpenVPN with Buster and nftables

Post by mike175de » Mon Sep 23, 2019 1:31 pm

Hey there,

I already searched the forum for an answer, but I couldn't find any solution for my specific problem. So I hope that the great community of OVPN could give me a hint ;o)

I have a fresh Buster installation with OVPN. Installation of OVPN went fine, everything is working, all clients can connect and use the services of the server. But whenever I try to set up a firewall (no matter if I try iptables-legacy or nftables) my clients can connect to the OVPN-Server, but are not able to use all the other services (like DNS with pihole) on the server.

I already tried different settings of nftables.conf with iptables-translate to translate the rules of add-openvpn-rules.sh (specified in /etc/iptables).

Is there any example how to config the nftables-Firewall of Buster so that all the services within the VPN-Tunnel could be used by the clients?

Any help is appreciated.

Greets mike

Pippin
Forum Team
Posts: 1200
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: OpenVPN with Buster and nftables

Post by Pippin » Mon Sep 23, 2019 3:57 pm

Where are your actual rules?

mike175de
OpenVpn Newbie
Posts: 2
Joined: Mon Sep 23, 2019 1:21 pm

Re: OpenVPN with Buster and nftables

Post by mike175de » Mon Sep 23, 2019 8:01 pm

Thanks for your reply.

The rules are in /etc/iptables/rules when I tried firewalling with iptables-legacy with activated add-openvpn-rules.sh service.
And in /etc/nftables.conf when I tried firewalling with nftables with disabled rules.sh service but translated them via iptables-translate to insert them into the nftables.conf.

Both solutions failed as mentioned in the first post.

Thx. mike
