[CentOS] OpenVPN server and firewalld

Tue Apr 24 20:36:17 UTC 2018
Adam Tauno Williams <awilliam at whitemice.org>

> I am experiencing the same thing getting IPSec protected GRE packets
> to the gre1 interface.
> It works with the firewall disabled; haven't been able to figure out
> how to make it work with the firewall enabled.
> firewall-cmd allows me to add the interface, but then forgets about
> it.

While I cannot reference the interface in a firewall rule, I have been
able to get the tunnel operational using:

  firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT

See the thread "Libreswan IPSec Protected GRE Tunnel & firewall-cmd".

Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA
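
A narrower variant of the direct rule in the message above, as an added example that is not part of the original post: it accepts GRE only from one tunnel peer and only when the packet arrived through IPsec (the iptables `policy` match), and adds the rule to both the runtime and the permanent configuration so a firewalld reload does not drop it. The peer address 192.0.2.10 is a constructed documentation address, and the function names and the `DRY_RUN`/`PEER` variables are assumptions of this sketch; IKE and ESP still have to be allowed separately.

```shell
#!/bin/sh
# Added example, not from the original message.
# With DRY_RUN non-empty (the default) the commands are only printed;
# run with DRY_RUN= (empty) as root to apply them.
: "${DRY_RUN=1}"

# Accept only a dotted-quad IPv4 address, so nothing else reaches the rule.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the direct-rule arguments for one peer:
#   -s PEER                         GRE from the tunnel peer only
#   -m policy --dir in --pol ipsec  only packets that were decapsulated by IPsec
gre_rule() {
    valid_ipv4 "$1" || { echo "invalid peer address: $1" >&2; return 1; }
    echo "ipv4 filter INPUT 0 -p gre -s $1 -m policy --dir in --pol ipsec -j ACCEPT"
}

# Add the rule to the runtime configuration and to the permanent one.
apply_gre_rule() {
    rule=$(gre_rule "$1") || return 1
    for scope in "" "--permanent"; do
        # $scope and $rule are left unquoted on purpose: they expand to
        # separate command-line arguments.
        ${DRY_RUN:+echo} firewall-cmd $scope --direct --add-rule $rule
    done
}

# PEER is a hypothetical variable; the default is a constructed address.
apply_gre_rule "${PEER:-192.0.2.10}"
```

`firewall-cmd --direct --get-all-rules` lists the runtime direct rules afterwards.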