How to achieve these firewall settings with OpenVPN?
Posted: Fri Aug 07, 2020 12:50 pm
Hello everyone,
Is there a way to prevent NetScans from being run while connected to OpenVPN?
For IKEv2 I have the following firewall settings, which disallow a NetScan by reducing the requests per second to 5 (making it too slow to be useful, or to be detected by the provider).
Code:
# Chains for the egress policy applied to VPN client traffic
iptables -N PRIVATE_ADDRS_FILTER
iptables -N OUTGOING
# Replies and already-accepted flows pass untouched
iptables -A OUTGOING -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Block clients from reaching private address space
iptables -A OUTGOING -j PRIVATE_ADDRS_FILTER
# New flows are accepted only while the source IP stays under 5 per second
iptables -A OUTGOING -m conntrack --ctstate NEW -m hashlimit --hashlimit-name NETSCANv4 --hashlimit-upto 5/sec --hashlimit-burst 5 --hashlimit-mode srcip --hashlimit-srcmask 32 -j ACCEPT
iptables -A PRIVATE_ADDRS_FILTER -d 10.0.0.0/8 -j DROP
iptables -A PRIVATE_ADDRS_FILTER -d 172.16.0.0/12 -j DROP
iptables -A PRIVATE_ADDRS_FILTER -d 192.168.0.0/16 -j DROP
In IKEv2 I would do this to forward the IPsec traffic to the OUTGOING section that I created earlier.
Code:
iptables -A FORWARD -m policy --pol ipsec --dir in -j OUTGOING
But how could I achieve this in OpenVPN? IPsec is built into the kernel and iptables is an interface to kernel functionality, whereas OpenVPN is userspace only.
Could I achieve the same thing in OpenVPN by doing this? (Although this sends all packets to OUTGOING and not just the VPN packets.)
Code:
iptables -A FORWARD -m policy --pol none --dir in -j OUTGOING
Many Thanks,
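One way to select only the OpenVPN clients' traffic, as an added example that is not from the original post or from the OpenVPN project: OpenVPN hands decrypted client packets to the kernel through a tun/tap interface, so the FORWARD hook can match on that interface instead of on an IPsec policy. The interface name tun0, the hashlimit values and the explicit DROP for flows over the limit are assumptions; setting IPT=echo prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example: the IKEv2 ruleset from the post rewritten for OpenVPN.
# OpenVPN delivers decrypted client traffic on a tun/tap interface
# (tun0 when "dev tun" is used; assumed here), so "-i tun0" in FORWARD
# selects VPN packets the way "-m policy --pol ipsec --dir in" does
# for IPsec. Set IPT=echo to dry-run without touching the kernel.
IPT="${IPT:-iptables}"

apply_vpn_egress_policy() {
    vpn_if="${1:-tun0}"      # OpenVPN "dev" interface (assumption)
    rate="${2:-5/sec}"       # new flows per source IP before limiting
    burst="${3:-5}"

    $IPT -N PRIVATE_ADDRS_FILTER
    $IPT -N OUTGOING
    # Replies and already-accepted flows pass untouched.
    $IPT -A OUTGOING -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    # Keep VPN clients out of RFC 1918 space behind the server.
    $IPT -A OUTGOING -j PRIVATE_ADDRS_FILTER
    # Accept new flows only while the client stays under the rate; flows
    # above it are dropped here (added) so the chain does not fall
    # through to whatever the FORWARD policy happens to be.
    $IPT -A OUTGOING -m conntrack --ctstate NEW -m hashlimit \
        --hashlimit-name NETSCANv4 --hashlimit-upto "$rate" \
        --hashlimit-burst "$burst" --hashlimit-mode srcip \
        --hashlimit-srcmask 32 -j ACCEPT
    $IPT -A OUTGOING -m conntrack --ctstate NEW -j DROP
    $IPT -A PRIVATE_ADDRS_FILTER -d 10.0.0.0/8 -j DROP
    $IPT -A PRIVATE_ADDRS_FILTER -d 172.16.0.0/12 -j DROP
    $IPT -A PRIVATE_ADDRS_FILTER -d 192.168.0.0/16 -j DROP
    # Only packets arriving from the VPN interface enter OUTGOING, so
    # forwarding between other interfaces is unaffected, unlike
    # "-m policy --pol none", which matches every forwarded packet.
    $IPT -A FORWARD -i "$vpn_if" -j OUTGOING
}

# Dry-run helper: count generated rules that match on the given interface
# (expected: exactly one, the FORWARD hook).
rules_for_interface() {
    ( IPT=echo; apply_vpn_egress_policy "$1" ) | grep -c -- "-i $1 "
}

# Preview without applying:
#   IPT=echo sh -c '. ./vpn_egress.sh; apply_vpn_egress_policy tun0'
```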