How to configure openvpn server only listen on the localhost

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
jianjunliu
OpenVpn Newbie
Posts: 6
Joined: Thu Feb 14, 2013 4:14 pm

How to configure openvpn server only listen on the localhost

Post by jianjunliu » Fri Mar 08, 2013 3:42 pm

I have an openvpn-2.2.2 server running well on a centos 5 vps with the following conf:

Code: Select all

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.10.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
The iptables is something like this:

Code: Select all

[root@server1 openvpn]# iptables -L -v
Chain INPUT (policy ACCEPT 24640 packets, 3252K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  tun+   venet+  anywhere             anywhere            
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 

Chain OUTPUT (policy ACCEPT 21756 packets, 4247K bytes)
 pkts bytes target     prot opt in     out     source               destination         
[root@server1 openvpn]# 
[root@server1 openvpn]# iptables -L -v -t nat
Chain PREROUTING (policy ACCEPT 2081 packets, 159K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    2   140 DNAT       udp  --  any    any     anywhere             anywhere            multiport dports ndmp:40000 to:x.x.x.x:1194 

Chain POSTROUTING (policy ACCEPT 1579 packets, 122K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 SNAT       all  --  any    venet+  10.10.0.0/24         anywhere            to:x.x.x.x

Chain OUTPUT (policy ACCEPT 1579 packets, 122K bytes)
 pkts bytes target     prot opt in     out     source               destination         
[root@server1 openvpn]#
Now with pure thinking out of my head, I am trying to configure the openvpn-server not to expose its single (default) port by adding the following line in the head of server.conf file:

Code: Select all

local 127.0.0.1
and then changed iptables by

Code: Select all

iptables -t nat -A PREROUTING -p udp -d x.x.x.x --match multiport --dports 10000:40000 -j DNAT --to 127.0.0.1:1194
then iptables saved right, openvpn-server restarts ok. But it just doesn't listen anything.
Can anybody kindly help me on this?
Top
jianjunliu
OpenVpn Newbie
Posts: 6
Joined: Thu Feb 14, 2013 4:14 pm

Re: How to configure openvpn server only listen on the local

Post by jianjunliu » Sat Mar 09, 2013 10:49 am

Just find I asked a stupid question. I have got a different solution to what I need.
Please delete this post if possibly.
Top
Post Reply

Return to “Configuration”