OpenVPN-AS setup with firewalld
Posted: Mon Jul 20, 2020 7:33 pm
Hi all,
I tried my best to get it working on my own, but I cannot find the trick...
It would be great to get some hints…
Server A is hosting OpenVPN-AS and additionally several services listening on multiple ports.
Those services should all only be reachable when connected via VPN. Should be quite a usual scenario.
When firewalld is disabled, everything works as expected. All services are reachable (of course), and also via the VPN connection everything is reachable.
When firewalld is enabled, only those services/ports listed in the public zone are reachable, which also makes sense.
But nothing outside the public zone is working.
My initial idea was to assign the OpenVPN interfaces to the trusted zone, but this had no effect.
Perhaps I have a technical misunderstanding of the zones here, but how else can I make use of them without assigning the interfaces?
It would be great to get some tips on how to get the above setup working.
What would be the standard way for setting up firewalld to grant access to services only from VPN interfaces?
Thanks a lot in advance and best regards,
Ben