Firewall rules for OpenVPN Access server

Posted: Wed Dec 19, 2018 9:38 am
by MariusE
Hello,

My VPN setup is working just fine but I'm experiencing an issue: how can I make the web client accessible through the VPN only? I don't want anybody bruteforcing my Admin UI. I checked the default firewall but I don't seem to be able to allow connections on port 943 only from the VPN's IP range.

That could also help me put several services through the VPN: chat, file sharing...

I was wondering how to proceed on allowing access to certain ports from certain IPs.

Thanks.
Marius

Re: Firewall rules for OpenVPN Access server

Posted: Wed Dec 19, 2018 10:15 am
by novaflash
Regarding bruteforcing, there's an automatic lockout in place. You should check this security recommendations page first though:
https://openvpn.net/vpn-server-resource ... tallation/

And to allow access only through VPN you can disable service forwarding for the admin web service and bind it to an internal-only IP address. You'd need an interface on your Access Server that has such a private IP. You can use a dummy adapter if you don't have one.
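
One way to check the result of the binding described in the reply above, as an added example that is not part of the thread or of Access Server itself: it parses `ss -ltnH` output and reports whether port 943 still listens on a wildcard or non-internal address. The sample listener lines and the `10.99.0.1` dummy-adapter address are constructed for illustration.

```python
import ipaddress

ADMIN_PORT = 943  # web UI port named in the thread

# Ranges treated as internal-only (assumption: RFC 1918, IPv6 ULA, loopback).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "fc00::/7", "::1/128")]

# Constructed sample of `ss -ltnH` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:943 0.0.0.0:*
LISTEN 0 5 10.99.0.1:943 0.0.0.0:*
LISTEN 0 5 [::]:943 [::]:*
LISTEN 0 5 203.0.113.10:443 0.0.0.0:*
"""

def split_hostport(local):
    """Split the local 'addr:port' column, handling [v6]:port and *:port."""
    host, _, port = local.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)

def classify(host):
    """Return 'wildcard', 'internal', or 'other' (anything else, incl. public)."""
    if host in ("*", "0.0.0.0", "::"):
        return "wildcard"
    ip = ipaddress.ip_address(host)
    return "internal" if any(ip in net for net in INTERNAL_NETS) else "other"

def audit_listeners(ss_output, port=ADMIN_PORT):
    """List (address, verdict) for every listening socket on `port`."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, lport = split_hostport(cols[3])
        if lport == port:
            findings.append((host, classify(host)))
    return findings

def exposed(findings):
    """Bind addresses on which the port is reachable beyond the internal range."""
    return [host for host, verdict in findings if verdict != "internal"]

if __name__ == "__main__":
    for host, verdict in audit_listeners(SAMPLE_SS):
        print(f"{host}:{ADMIN_PORT} -> {verdict}")
```

An empty list from `exposed()` means the admin port is bound only to internal addresses; on a live host, feed it the real `ss -ltnH` output instead of the sample.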

Re: Firewall rules for OpenVPN Access server

Posted: Wed Dec 19, 2018 1:17 pm
by MariusE
Hi,

Would you suggest installing my applications on the same server? Because I will need to have other applications routed through the VPN.
Should I just use a dedicated server for OpenVPN and another one as client for my applications? Should I try to mess with the firewall?

Thanks for your reply.

Marius

Re: Firewall rules for OpenVPN Access server

Posted: Wed Dec 19, 2018 5:45 pm
by novaflash
I would suggest separating roles, so have a separate server for Access Server, and a separate server for your other applications.

Re: Firewall rules for OpenVPN Access server

Posted: Wed Dec 19, 2018 5:45 pm
by novaflash
Oh and those can be virtual servers of course, otherwise things would get needlessly expensive for no good reason.