[CentOS] OpenVPN server and firewalld

Tue Apr 24 20:31:19 UTC 2018
Adam Tauno Williams <awilliam at whitemice.org>

> I tried adding the tun0 interface to the internal zone and firewall-
> cmd told me tun0 was managed by NetworkManager. After that it didn't
> show tun0 as a member of any zone.
> # firewall-cmd --zone=internal --add-interface=tun0
> The interface is under control of NetworkManager, setting zone to 'internal'.
> success
> # firewall-cmd --list-all-zones
> (long list of zones, none of which have tun0 in their interfaces
> field)

I am experiencing the same thing getting IPsec protected GRE packets to
the gre1 interface.

It works with the firewall disabled; haven't been able to figure out
how to make it work with the firewall enabled.

firewall-cmd allows me to add the interface, but then forgets about it.

-- 
Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA