[CentOS] openvpn and firewalld

Fri May 8 13:34:58 UTC 2015
Bowie Bailey <Bowie_Bailey at BUC.com>

I am trying to build a new openvpn server based on CentOS7. Everything 
is working fine as long as I disable firewalld.  With firewalld enabled, 
I can connect to the vpn and ping the machines on the network, but I am 
unable to ssh to them.

What I had on my old server with iptables was two simple rules:

-A RH-Firewall-1-INPUT -s <localnet>/255.255.0.0 -d <vpnnet>/255.255.0.0 -j ACCEPT
-A RH-Firewall-1-INPUT -s <vpnnet>/255.255.0.0 -d <localnet>/255.255.0.0 -j ACCEPT

This allowed all traffic to flow between my vpn subnet and the local 
network.  How can I duplicate this behavior with firewalld?

I even tried using the --direct option to put in these same rules 
without success.  Although I may not have done it quite right -- 
firewalld seems to have added 20 extra chains to the rule structure and 
I'm not sure exactly where I should put these rules.

Unfortunately, I cannot easily debug this while I'm at the office, but 
if you can give me any suggestions, I can try them out when I get home 
tonight.

Thanks!

-- 
Bowie
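The firewalld equivalent of those two rules, as an added example that is not part of the original post or of any reply to it. One point worth keeping in mind when porting them: the old RH-Firewall-1-INPUT chain was reached from both INPUT and FORWARD in the RHEL-era /etc/sysconfig/iptables, and traffic between a VPN client and a LAN host is routed through the VPN server, so it passes the FORWARD chain, not INPUT. firewalld's --direct rules for the FORWARD chain land in FORWARD_direct, which FORWARD jumps to before any of its zone chains. The subnets 10.8.0.0/16 and 192.168.0.0/16, the function names and the script name are placeholders assumed for illustration; substitute the real VPN and LAN ranges.

```shell
#!/bin/sh
# Added example, not code from the original post. Reproduces the two old
# RH-Firewall-1-INPUT rules as firewalld "direct" rules in FORWARD. Subnets and
# function names are placeholders chosen for illustration.
set -eu

FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"
DRY_RUN="${DRY_RUN:-}"   # any non-empty value prints the commands instead of running them

# Run a command, or print it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Accept forwarded IPv4 traffic from $1 to $2. Priority 0 is fine because
# firewalld's FORWARD chain jumps to FORWARD_direct ahead of its zone chains,
# so the rule matches before zone policy gets to drop the packet.
add_forward_accept() {
    run "$FIREWALL_CMD" --permanent --direct --add-rule ipv4 filter FORWARD 0 \
        -s "$1" -d "$2" -j ACCEPT
}

# Exact equivalent of the old pair of rules: everything, in both directions.
allow_between() {
    add_forward_accept "$1" "$2"
    add_forward_accept "$2" "$1"
    run "$FIREWALL_CMD" --reload
}

# Tighter variant: VPN clients ($1) may open connections to the LAN ($2), but
# LAN hosts only get to answer existing connections, not start new ones.
allow_vpn_initiated() {
    add_forward_accept "$1" "$2"
    run "$FIREWALL_CMD" --permanent --direct --add-rule ipv4 filter FORWARD 0 \
        -s "$2" -d "$1" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run "$FIREWALL_CMD" --reload
}

# Checks worth running after the reload: the rules must show up in
# FORWARD_direct, and routing between the subnets needs ip_forward=1.
verify() {
    run "$FIREWALL_CMD" --direct --get-all-rules
    run iptables -S FORWARD_direct
    run sysctl net.ipv4.ip_forward
}

# Stand-alone use: "sh allow-vpn.sh" prints the commands (dry run),
# "sh allow-vpn.sh --apply" runs them. Both subnets are placeholders.
VPN_NET="${VPN_NET:-10.8.0.0/16}"
LOCAL_NET="${LOCAL_NET:-192.168.0.0/16}"
if [ "${1:-}" = "--apply" ]; then
    allow_between "$VPN_NET" "$LOCAL_NET"
    verify
else
    DRY_RUN=1
    allow_between "$VPN_NET" "$LOCAL_NET"
fi
```

Run it once without arguments to see exactly which firewall-cmd lines it would issue, then with --apply on the VPN server. If ssh from a VPN client to a LAN host still fails with these rules in place, `iptables -S FORWARD_direct` and the ip_forward check in verify are the first two things to look at, since they cover the rule placement and the routing the rules depend on.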