
I am trying to set up a VPN server (strongSwan) and allow remote users to access services like redis, nginx, mongodb etc. via VPN only - users should not have access to the Internet via the VPN.

I'm able to connect to the VPN server and send a ping (iptables is allowing that), but I can't separate the Internet (my public IP) from the VPN network (10.10.10.0/24).

When I open port 8080 I can access the service via VPN, but it is also visible from my public IP.

My question is, how do I set up iptables to allow VPN users to access services on the server but block other users from the Internet?

# ipsec.conf - left (server side)

left=#myPublicIP              # server's public address
leftid=@mydomain.com
leftsubnet=#myPublicIP/32     # clients get a tunnel to the server only, not to the Internet
leftfirewall=yes              # let the _updown script add iptables rules for this connection
lefthostaccess=yes            # ...including INPUT/OUTPUT rules for the host itself

1 Answer


You need to add the commands that you're using to configure iptables to allow ports, because I think that you're missing some important options.

For example, if the VPN interface is named tap0, to open a port only for VPN clients you can use this form of command with iptables:

# iptables -A INPUT -i tap0 -m tcp -p tcp --dport 8080 -j ACCEPT

(pay attention to each parameter, especially -A and the order of rules, which is very important in iptables)

  • I added a virtual NIC with an address that is in the DHCP pool on the VPN and I can separate traffic by iptables using the -a parameter. Thanks! – user9443103 May 01 '18 at 14:13
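Added example, not part of the original question or answer. With the ipsec.conf above, strongSwan runs policy-based IPsec: there is no tap0 or tun0 to match with -i, because a decrypted client packet arrives in INPUT on the public interface with its 10.10.10.x source address intact. The reliable way to tell it apart from a spoofed packet is the xfrm policy match (-m policy --dir in --pol ipsec), which only matches packets that really came out of an IPsec SA. The script below builds the INPUT rules for that: accept IKE/ESP on the public interface, accept each service port only from the VPN pool and only via IPsec, and explicitly reject the same port from everyone else. Assumed values (not from the original post): public interface eth0, client pool 10.10.10.0/24, and ports 8080, 6379 (redis) and 27017 (mongodb). The default run is a dry run that prints the commands; pass `apply` to execute them.

```shell
#!/bin/sh
# Added example for the question above (not the original poster's configuration).
# Assumptions: strongSwan policy-based IPsec (no tunnel interface), public
# interface eth0, VPN client pool 10.10.10.0/24, services on 8080/6379/27017.
set -eu

VPN_NET="${VPN_NET:-10.10.10.0/24}"
PUB_IF="${PUB_IF:-eth0}"
VPN_PORTS="${VPN_PORTS:-8080 6379 27017}"   # nginx test port, redis, mongodb (assumed)

# Print the iptables commands that implement the policy. Order matters with -A:
# the ACCEPT for VPN clients must come before the REJECT for the same port.
build_rules() {
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Replies to connections the server opened (and related ICMP) are always fine.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # IKE (UDP 500, NAT-T 4500) and ESP must be reachable on the public IP or
    # no tunnel can be established at all.
    echo "iptables -A INPUT -i $PUB_IF -p udp -m multiport --dports 500,4500 -j ACCEPT"
    echo "iptables -A INPUT -i $PUB_IF -p esp -j ACCEPT"
    for port in $VPN_PORTS; do
        # The decrypted inner packet traverses INPUT a second time, on $PUB_IF,
        # with the client's 10.10.10.x source. "-s $VPN_NET" alone could be
        # spoofed from the Internet; "-m policy ... --pol ipsec" restricts the
        # rule to packets that were actually decapsulated from an IPsec SA.
        echo "iptables -A INPUT -p tcp --dport $port -s $VPN_NET -m policy --dir in --pol ipsec --proto esp -j ACCEPT"
        # Same port from anywhere else (plain packets on the public IP): refuse.
        echo "iptables -A INPUT -p tcp --dport $port -j REJECT --reject-with tcp-reset"
    done
}

# Execute the generated commands (requires root and a kernel with xt_policy).
apply_rules() {
    build_rules | sh -e
}

case "${1:-}" in
    apply) apply_rules ;;
    *)     build_rules ;;   # dry run: show what would be applied
esac
```

Check the result from a VPN client with `nc -vz <server public IP> 8080` (should connect) and from an outside host (should get a connection reset). The strongSwan _updown script, enabled here by leftfirewall=yes and lefthostaccess=yes, inserts its own per-client ACCEPT rules at the top of INPUT when a tunnel comes up, so the per-port ACCEPT lines above are belt-and-braces; the REJECT lines are what actually close the ports to the public side. A stricter alternative is `iptables -P INPUT DROP`, but then SSH and anything else you still need from the Internet must be allowed explicitly first or you lock yourself out.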