Page 4: Security and Network Configuration

4. Security and Network Configuration

Enable IP forwarding so the server can relay traffic, and apply firewall rules.

4.1. IP Forwarding and SELinux Settings

sudo sysctl -w net.ipv4.ip_forward=1 # Enable IP forwarding immediately (runtime only: lost at reboot unless also set in sysctl.conf/sysctl.d)
sudo semanage port -a -t openvpn_port_t -p udp 1194 # Label the OpenVPN port in SELinux (udp/1194 already carries openvpn_port_t in the default targeted policy, so -a reports "already defined" there; only a non-default port needs adding)

4.2. IPTables Firewall Rules

sudo iptables -A INPUT -p udp --dport 1194 -j ACCEPT # Accept incoming OpenVPN connections on udp/1194
sudo iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT # Forward VPN client traffic (tun0) out to the external interface (eth0)
sudo iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT # Allow only return traffic for connections the clients opened
sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE # NAT the VPN subnet behind eth0's address

4.3. Persistent Boot Setup (/etc/rc.local)

iptables rules are not kept across reboots, so the same rules are re-applied at boot from /etc/rc.local (the file must be executable, e.g. chmod +x /etc/rc.local, or systemd's rc-local.service will not run it):

/etc/rc.local
#!/bin/sh
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
exit 0
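As an added example (not from the original page), the rules of 4.2 and 4.3 as one parameterised script: it applies each rule only if `iptables -C` says it is absent (so running it by hand and again from rc.local never stacks duplicates), persists IP forwarding with a sysctl.d drop-in instead of a bare `sysctl -w`, and can report any expected rule that is not loaded. The interface names, subnet, port and the drop-in path are assumed defaults matching the page.

```shell
#!/bin/sh
# Added example, not from the original page: parameterised, idempotent version
# of the page's OpenVPN forwarding and firewall setup. Defaults match the page
# (tun0 -> eth0, 10.8.0.0/24, udp/1194); override via environment variables.
VPN_IF="${VPN_IF:-tun0}"
WAN_IF="${WAN_IF:-eth0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
VPN_PORT="${VPN_PORT:-1194}"
SYSCTL_FILE="${SYSCTL_FILE:-/etc/sysctl.d/99-openvpn-forward.conf}"  # assumed path

# One rule per line as "<table> <rule spec>", so apply_rules and check_rules
# work from a single list instead of two hand-copied blocks (4.2 vs rc.local).
vpn_rules() {
    cat <<EOF
filter INPUT -p udp --dport $VPN_PORT -j ACCEPT
filter FORWARD -i $VPN_IF -o $WAN_IF -j ACCEPT
filter FORWARD -i $WAN_IF -o $VPN_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
nat POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE
EOF
}

# sysctl -w alone is lost at reboot; also write a sysctl.d drop-in so
# forwarding comes back on boot.
enable_forwarding() {
    sysctl -w net.ipv4.ip_forward=1
    printf 'net.ipv4.ip_forward = 1\n' > "$SYSCTL_FILE"
}

# Append a rule only when `iptables -C` (check) reports it missing, so
# re-running this script never adds a duplicate copy of the same rule.
apply_rules() {
    vpn_rules | while read -r table spec; do
        # shellcheck disable=SC2086  # word-splitting of $spec is intended
        iptables -t "$table" -C $spec 2>/dev/null || iptables -t "$table" -A $spec
    done
}

# Print every expected rule that is NOT loaded; empty output means all present.
check_rules() {
    vpn_rules | while read -r table spec; do
        # shellcheck disable=SC2086
        iptables -t "$table" -C $spec 2>/dev/null || echo "missing: $table $spec"
    done
}

# Usage (as root): sh vpn-fw.sh apply   |   sh vpn-fw.sh check
case "${1:-}" in
    apply) enable_forwarding && apply_rules ;;
    check) check_rules ;;
esac
```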