How to configure openvpn server to only listen on the localhost

Posted: Fri Mar 08, 2013 3:42 pm
by jianjunliu
I have an openvpn-2.2.2 server running well on a CentOS 5 VPS with the following conf:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.10.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
The iptables rules are something like this:

[root@server1 openvpn]# iptables -L -v
Chain INPUT (policy ACCEPT 24640 packets, 3252K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  tun+   venet+  anywhere             anywhere            
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 

Chain OUTPUT (policy ACCEPT 21756 packets, 4247K bytes)
 pkts bytes target     prot opt in     out     source               destination         
[root@server1 openvpn]# 
[root@server1 openvpn]# iptables -L -v -t nat
Chain PREROUTING (policy ACCEPT 2081 packets, 159K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    2   140 DNAT       udp  --  any    any     anywhere             anywhere            multiport dports ndmp:40000 to:x.x.x.x:1194 

Chain POSTROUTING (policy ACCEPT 1579 packets, 122K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 SNAT       all  --  any    venet+  10.10.0.0/24         anywhere            to:x.x.x.x

Chain OUTPUT (policy ACCEPT 1579 packets, 122K bytes)
 pkts bytes target     prot opt in     out     source               destination         
[root@server1 openvpn]# 
Now, thinking purely off the top of my head, I am trying to configure the OpenVPN server not to expose its single (default) port by adding the following line at the head of the server.conf file:

local 127.0.0.1
and then changed iptables with:

iptables -t nat -A PREROUTING -p udp -d x.x.x.x --match multiport --dports 10000:40000 -j DNAT --to 127.0.0.1:1194
Then iptables saved right and the OpenVPN server restarted OK, but it just doesn't listen to anything.
Can anybody kindly help me on this?
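
As an added example (not code from the original post), a small POSIX shell check for the setup described above: it reads constructed samples of `netstat -ulnp` and `iptables-save -t nat` output, reports which address the OpenVPN UDP socket is bound to, flags a PREROUTING DNAT that targets a loopback address, and encodes the kernel requirement such a rule has (net.ipv4.conf.<if>.route_localnet=1, which exists only from Linux 3.6 onward), which the CentOS 5 kernel in the post does not meet. PIDs and the netstat lines are constructed; x.x.x.x is the post's own placeholder.

```shell
#!/bin/sh
# Added example, not from the original post: sanity checks for an OpenVPN
# server bound to 127.0.0.1 behind an iptables DNAT rule.

# Constructed sample of `netstat -ulnp` output after adding "local 127.0.0.1".
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 127.0.0.1:1194          0.0.0.0:*                           1234/openvpn
udp        0      0 0.0.0.0:68              0.0.0.0:*                           999/dhclient'

# Constructed sample of `iptables-save -t nat` output holding the rule from the post
# (x.x.x.x is the post's placeholder for the public address).
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d x.x.x.x/32 -p udp -m multiport --dports 10000:40000 -j DNAT --to-destination 127.0.0.1:1194
COMMIT'

# Print the local address:port of the UDP socket owned by openvpn (e.g. 127.0.0.1:1194).
# $1 = netstat -ulnp output.
openvpn_bind_addr() {
    printf '%s\n' "$1" | awk '$1 == "udp" && $NF ~ /\/openvpn$/ { print $4 }'
}

# Succeed (exit 0) when a nat PREROUTING rule DNATs traffic to a 127.0.0.0/8 address.
# $1 = iptables-save -t nat output.
has_loopback_dnat() {
    printf '%s\n' "$1" | grep -q -- '-A PREROUTING .*-j DNAT --to-destination 127\.'
}

# Succeed when a loopback DNAT can actually be delivered: the kernel must be 3.6 or
# newer AND route_localnet must be enabled on the ingress interface.
# $1 = kernel major, $2 = kernel minor, $3 = value of net.ipv4.conf.<if>.route_localnet.
loopback_dnat_deliverable() {
    if [ "$1" -gt 3 ] || { [ "$1" -eq 3 ] && [ "$2" -ge 6 ]; }; then
        [ "$3" = "1" ]
    else
        return 1   # kernels before 3.6 (e.g. CentOS 5's 2.6.18) have no route_localnet
    fi
}

# Stand-alone run: summarise the constructed samples.
echo "openvpn bound to: $(openvpn_bind_addr "$SAMPLE_NETSTAT")"
if has_loopback_dnat "$SAMPLE_NAT"; then
    echo "PREROUTING DNATs to loopback: needs route_localnet=1 on a 3.6+ kernel"
fi
```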

Re: How to configure openvpn server only listen on the local

Posted: Sat Mar 09, 2013 10:49 am
by jianjunliu
Just found I asked a stupid question. I have got a different solution to what I need.
Please delete this post if possible.