Did You Know?

You can create any type of product documentation with Docly

OpenVPN Centos 7/8 – Firewall and Routing Configuration

chihong
September 29, 2021 2 minutes read
Tutorials

Set Firewall Rules

1. Start by checking your active firewalld zone:

firewall-cmd --get-active-zones

The output will show your firewalld zone. In the example below, it is public.

Check firewalld zone.

2. Add the openvpn service to the list of services firewalld allows within the active zone. The active zone in our example is public. If your active zone is trusted, modify the command accordingly.

firewall-cmd --zone=public --add-service openvpn

3. Next, make the settings above permanent by running the command:

firewall-cmd --zone=public --add-service openvpn --permanent

4. To check whether the openvpn service was added use:

firewall-cmd --list-services --zone=public
Check firewalld services.

5. Then, add a masquerade to the runtime instance:

firewall-cmd --add-masquerade

6. And make it permanent:

firewall-cmd --add-masquerade --permanent

7. Verify the masquerade was added by running:

firewall-cmd --query-masquerade

The output should respond with yes.

Check the masquerade was added to the runtime instance.

Routing the Configuration

Once you have completed the steps above, move on to routing to your OpenVPN subnet.

1. Create a variable that represents the primary network interface used by your server. In the command below, the variable is named VAR. However, you can create a variable under the name of your choice.

VAR=$(ip route get 208.67.222.222 | awk 'NR==1 {print $(NF-2)}')

2. Next, permanently add the routing rule using the variable created above:

firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.8.0.0/24 -o $VAR -j MASQUERADE

3. Reload firewalld for the changes to take place:

firewall-cmd --reload

4. Move on to routing all web traffic from the client to the server’s IP address by enabling IP forwarding. Open the sysctl.conf file:

vi /etc/sysctl.conf

5. Add the following line at the top of the file:

net.ipv4.ip_forward = 1

6. Finally, restart the service:

systemctl restart network.service

enable_masquerade.sh

iptables -t nat -I POSTROUTING -o eth0 \
-s 10.8.0.0/24 -j MASQUERADE

VAR=$(ip route get 208.67.222.222 | awk 'NR==1 {print $(NF-2)}')
firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.8.0.0/24 -o $VAR -j MASQUERADE
firewall-cmd --reload

/etc/rc.d/rc.local

sleep 1

echo "Cactus Software Solutions"
sudo bash /root/enable_masquerade.sh

Source: phoenixnap

Share This Article

Related Post

3 minutes read Tutorials

Hướng dẫn cài đặt và cấu hình Cr

1. Kết nối với Server / VPS bằng quyền root ...

1 minute read Tutorials

Mirroring a repository

1.Open Git Bash. 2.Create a bare clone of the re...

1 minute read Tutorials

IPtables for routing over OpenVPN on Linux

Enable forwarding: sysctl -w net.ipv4.ip_forward=1...

Leave a Comment

Who is Alia!

The founder of A-Works, Inc, an Elite Author on Envato. The world leading market for WordPress themes and plugins.

Subscribe to our mailing list

* indicates required

About me.

The founder of Cactus Software Solutions Co., Ltd.

Subscribe to our mailing list

* indicates required