[CentOS] OpenVPN server and firewalld

Fri Dec 29 16:24:46 UTC 2017
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Fri, December 29, 2017 3:32 am, Kenneth Porter wrote:
> How do I insert the iptables rule below using firewalld?
> I'm moving up from CentOS 6 to 7 on an office gateway and I'm trying to
> get
> OpenVPN working to allow home workers to access PCs at the office. I've
> got
> it all working but only by manually inserting an ACCEPT rule in the
> iptables chain:
> iptables -I FORWARD 3 -i tun+ -j ACCEPT
> This rule was extracted from my iptables firewall under CentOS6. The 3
> puts
> it after the accepts for established connections and loopback connections,
> but before any firewalld sub-chains. With this I can connect to an
> internal
> Windows 10 system with Remote Desktop.
> How can I inject this rule using firewalld, either as a direct rule or as
> some more firewalld-approved kind of rule?

This is not and answer to your questions, still I will mention it anyway.
I use pfsense for the same, and it installs seamlessly, is configured
easily (through web interface), and works reliably. Also: it is really
very lightweight on hardware demands and is quite small footprint. It is
based on FreeBSD. If I were replacing/upgrading any firewall/gateway/...
VPN... I will definite consider pfsense (add to my scope of candfidates):


I hope, this helps.


Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247