Firewall rules for OpenVPN Access server

Post Reply
MariusE
OpenVpn Newbie
Posts: 7
Joined: Thu Dec 06, 2018 2:14 pm

Firewall rules for OpenVPN Access server

Post by MariusE » Wed Dec 19, 2018 9:38 am

Hello,

My VPN setup is working just fine but I'm experiencing an issue : how can I make the web client accessible through the VPN only ? I don't want anybody bruteforcing my Admin UI. I checked the default firewall but I don't seem to be able to allow connection on port 943 only from the VPN's ip range.

That could also help me putting several services through the VPN : chat , file sharing ..

I was wondering how to proceed on allowing access to certain ports from certain ip's.

Thanks.
Marius

novaflash
I should be on the dev team.
Posts: 863
Joined: Fri Apr 13, 2012 8:43 pm

Re: Firewall rules for OpenVPN Access server

Post by novaflash » Wed Dec 19, 2018 10:15 am

Regarding bruteforcing, there's an automatic lockout in place. You should check this security recommendations page first though:
https://openvpn.net/vpn-server-resource ... tallation/

And to allow access only through VPN you can disable service forwarding for the admin web service and bind it to an internal only IP address. You'd need an interface on your Access Server that has such a private IP. You can a dummy adapter if you don't have it.

MariusE
OpenVpn Newbie
Posts: 7
Joined: Thu Dec 06, 2018 2:14 pm

Re: Firewall rules for OpenVPN Access server

Post by MariusE » Wed Dec 19, 2018 1:17 pm

Hi,

Would you suggest installing my applications on the same server ? Because I will need to have other applications routed through the VPN.
Should I just use a dedicated server for OpenVPN and an other one as client for my applications ? Should I try to mess with the firewall?

Thanks for your reply.

Marius

novaflash
I should be on the dev team.
Posts: 863
Joined: Fri Apr 13, 2012 8:43 pm

Re: Firewall rules for OpenVPN Access server

Post by novaflash » Wed Dec 19, 2018 5:45 pm

I would suggest separating roles, so have a separate server for Access Server, and a separate server for your other applications.

novaflash
I should be on the dev team.
Posts: 863
Joined: Fri Apr 13, 2012 8:43 pm

Re: Firewall rules for OpenVPN Access server

Post by novaflash » Wed Dec 19, 2018 5:45 pm

Oh and those can be virtual servers of course, otherwise things would get needlessly expensive for no good reason.

Post Reply