openvpn tun forwarding with firewalld

Question

I have an OpenVPN server on Fedora 19 with 2 clients - 1 client on the same LAN as the server, and the other on the internet.
I want the 2 clients to be able to talk to each other thru the tunnel and, if I stop firewalld.service on the server, they can.
How can I configure firewalld to allow this traffic? either with the GUI, or with firewall-cmd.
I think the equivalent iptables commands would be:

iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT

How to do that with firewalld?

score 10 · Answer 1 · answered Aug 03 '14 at 07:26

10

I had the same issue, but this finally worked for me:

First, enable forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward
And then authorize your tun0 interface with firewalld:

firewall-cmd --zone=trusted --add-interface=tun0

Add --permanent to the last command to make it persistant.

I had nothing more to do except the usual OpenVPN configuration.

answered Aug 03 '14 at 07:26

julienc

203
3
11

1

You just inspired me to completely isolate all clients by firewall-cmd --zone=block --add-interface=tun0 Thanks. – Timmy Chiu Apr 06 '15 at 21:24
1

When you say "the usual OpenVPN configuration", what other "usual" firewall-cmd's would apply (assuming OpenVPN is running on TCP 443), and to which zones? – Christopher Mar 04 '16 at 02:26
infinity upvoats for you – 111 Feb 01 '21 at 07:57

openvpn tun forwarding with firewalld

1 Answers1