Site icon Henry's Notes

IPtables for routing over OpenVPN on Linux

Enable forwarding:

sysctl -w net.ipv4.ip_forward=1

Create this script eg sudo nano iptables.sh

eth=$1
proto=$2
port=$3

# OpenVPN
iptables -A INPUT -i "$eth" -m state --state NEW -p "$proto" --dport "$port" -j ACCEPT

# Allow TUN interface connections to OpenVPN server
iptables -A INPUT -i tun+ -j ACCEPT

# Allow TUN interface connections to be forwarded through other interfaces
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o "$eth" -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i "$eth" -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT

# NAT the VPN client traffic to the internet
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o "$eth" -j MASQUERADE

Run the script with sudo bash iptables.sh eth0 udp 1194:

Now test it!

If it didn’t work reboot.

If it did work save the configuration with iptables-persistent.

Debian/Ubuntu: sudo apt install iptables-persistent. If already installed you can use sudo dpkg-reconfigure iptables-persistent.

Fedora: Consider using firewalld instead of iptables.

Source: GitHub

Exit mobile version