Hi, I try to get firewalld playing nice with openvpn but failed. I opened the openvpn udp port but I think the tun interface needs some love. The vpn is working when I disable firewalld.
Any pointers?
thx, Michiel
On 05/12/2014 02:53 PM, michiel karsch wrote:
> Hi, I try to get firewalld playing nice with openvpn but failed. I opened the openvpn udp port but I think the tun interface needs some love. The vpn is working when I disable firewalld.
In which zone have you enabled the port 1194/udp? BTW: There is already a service for openvpn: openvpn
Is this zone the default zone?
> Any pointers?
> thx, Michiel
firewalld-users mailing list firewalld-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/firewalld-users
Regards, Thomas
Thomas Woerner wrote:
> On 05/12/2014 02:53 PM, michiel karsch wrote:
>> Hi, I try to get firewalld playing nice with openvpn but failed. I opened the openvpn udp port but I think the tun interface needs some love. The vpn is working when I disable firewalld.
> In which zone have you enabled the port 1194/udp? BTW: There is already a service for openvpn: openvpn
I've configured 2 zones: external and trusted, and added eth1 (inet gateway) and eth0 (lan) respectively.
<zone>
  <short>External</short>
  <service name="openvpnHi"/>
  <service name="http"/>
  <service name="ssh"/>
  <masquerade/>
</zone>

<service name="openvpnHi"/>
<service name="http"/>
<service name="ssh"/>
<service name="openvpn"/>
<masquerade/>

<zone target="ACCEPT">
  <short>Trusted</short>
  <description>All network connections are accepted.</description>
  <masquerade/>
  <forward-port to-addr="x.x.x.x." protocol="tcp" port="zzz"/>
</zone>
Service openvpnHi is a copy of openvpn with another udp port.
> Is this zone the default zone?
No. I just left the default zone to, eh, default (public?).
--Michiel
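Added example, not part of the thread and not firewalld's own code: a small offline model of the lookup behind the two questions asked above (which zone carries the service, and which zone an interface ends up in). It assumes the tunnel interface is named tun0, that the default zone is public, and uses 11940/udp as a constructed placeholder for the openvpnHi port; it models only services and the zone target for new inbound connections.

```python
import xml.etree.ElementTree as ET

# Zone definitions as posted in the thread (forward-port rule left out: its
# values are redacted on the page).
ZONE_XML = {
    "external": """<zone><short>External</short>
        <service name="openvpnHi"/><service name="http"/>
        <service name="ssh"/><masquerade/></zone>""",
    "trusted": """<zone target="ACCEPT"><short>Trusted</short>
        <masquerade/></zone>""",
}
BINDINGS = {"eth1": "external", "eth0": "trusted"}   # from the post
DEFAULT_ZONE = "public"          # assumption: the poster was not sure
# 1194/udp is named in the thread; 22 and 80 are the stock ssh/http services;
# 11940 is a constructed placeholder for the custom openvpnHi port.
SERVICE_PORTS = {"openvpn": (1194, "udp"), "openvpnHi": (11940, "udp"),
                 "ssh": (22, "tcp"), "http": (80, "tcp")}

def zone_of(iface):
    """Interfaces not bound to a zone are handled by the default zone."""
    return BINDINGS.get(iface, DEFAULT_ZONE)

def verdict(iface, port, proto):
    """Return (zone, decision) for a new inbound connection on iface."""
    zone = zone_of(iface)
    xml = ZONE_XML.get(zone)
    if xml is None:
        return zone, "zone definition not shown in the thread"
    root = ET.fromstring(xml)
    if root.get("target") == "ACCEPT":
        return zone, "accepted by zone target"
    for svc in root.findall("service"):
        if SERVICE_PORTS.get(svc.get("name")) == (port, proto):
            return zone, "accepted by service " + svc.get("name")
    return zone, "not accepted by this zone"

if __name__ == "__main__":
    # Constructed sample connections; tun0 is a hypothetical tunnel interface.
    for pkt in [("eth1", 11940, "udp"), ("eth0", 445, "tcp"),
                ("eth1", 3306, "tcp"), ("tun0", 22, "tcp")]:
        print(pkt, "->", verdict(*pkt))
```

On a live host the same answers come from `firewall-cmd --get-default-zone`, `firewall-cmd --get-active-zones` and `firewall-cmd --get-zone-of-interface=<iface>`.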