I am now adding a dd-wrt router to act as a firewall to ensure that ONLY traffic destined for my VPN-server IP is passed through. My current approach to this is to add these two rules to the router's firewall:
# Drop all traffic going out the WAN port
iptables -I FORWARD -o vlan1 -j DROP
# Only allow traffic to the VPN (x.x.x.x = remote server IP)
iptables -I FORWARD -o vlan1 -d x.x.x.x -j ACCEPT
However, if I add these rules BEFORE the OpenVPN is established, then OpenVPN is unable to connect, so clearly I need to add/allow something else through the firewall, but I can't fathom what it is. Any tips?