Linode Forum
Linode Community Forums
PostPosted: Wed Oct 15, 2014 11:01 pm 
Newbie

Joined: Sun Sep 14, 2014 8:45 pm
Posts: 3
I'm setting up a Debian 7 Linode which will need to run OpenVPN. Before starting the Debian OpenVPN instructions I set up the Linode using the Getting Started and Securing Your Server docs, so my Linode's firewall configuration is:

Code:
me@linode:~$ date ; sudo iptables -L
> Wed Oct 15 21:24:25 EDT 2014
> Chain INPUT (policy ACCEPT)
> target     prot opt source        destination
> fail2ban-ssh  tcp  --  anywhere   anywhere       multiport dports ssh
> ACCEPT     all  --  anywhere      anywhere
> REJECT     all  --  anywhere      loopback/8     reject-with icmp-port-unreachable
> ACCEPT     all  --  anywhere      anywhere       state RELATED,ESTABLISHED
> ACCEPT     tcp  --  anywhere      anywhere       tcp dpt:http
> ACCEPT     tcp  --  anywhere      anywhere       tcp dpt:https
> ACCEPT     tcp  --  anywhere      anywhere       state NEW tcp dpt:ssh
> ACCEPT     icmp --  anywhere      anywhere
> LOG        all  --  anywhere      anywhere       limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
> DROP       all  --  anywhere      anywhere

> Chain FORWARD (policy ACCEPT)
> target     prot opt source        destination
> DROP       all  --  anywhere      anywhere

> Chain OUTPUT (policy ACCEPT)
> target     prot opt source        destination
> ACCEPT     all  --  anywhere      anywhere

> Chain fail2ban-ssh (1 references)
> target     prot opt source        destination
> RETURN     all  --  anywhere      anywhere


Unfortunately my knowledge of Linux networking generally, and `iptables` particularly, is not great. So I'd like to know: will I need to change my `iptables` rules in order to accommodate OpenVPN? Note my use case is pretty simple: I'm just configuring the Linode to be a jumpbox through which to route traffic to another network.


PostPosted: Sat Nov 01, 2014 9:00 am 
Linode Staff

Joined: Mon Aug 18, 2014 2:43 pm
Posts: 35
Website: https://levlaz.org
Location: Absecon, NJ
Hello!

From the OpenVPN documentation[1], OpenVPN runs on the following ports:

Quote:
Short answer: TCP 443, TCP 943, UDP 1194
Long answer: By default OpenVPN Access Server has 2 OpenVPN daemons running. One of them on UDP port 1194 and another on TCP 443. We recommend that you use the UDP port because this functions better for an OpenVPN tunnel. However, many public locations block all sorts of ports except very common ones like http, https, ftp, pop3, and so on. Therefore we also have TCP 443 as an option. TCP port 443 is the default port for https:// (SSL) traffic and so this is usually allowed through at the user's location.
TCP port 943 is the port where the web server interface is listening by default. You can either approach this directly using a URL like https://yourserverhostnamehere:943/ or by approaching it through the standard https:// port TCP 443, since the OpenVPN daemon will automatically internally route browser traffic to TCP 943 by default. (https://yourserverhostnamehere/).


So, depending on which ports you would like to use, you will need to ensure that they are opened up in iptables.

[1] https://docs.openvpn.net/frequently-asked-questions/

Best,
Lev

_________________
Best,
Lev
https://levlaz.org
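
Added example (not part of either post above, and not Linode's or OpenVPN's own code): a shell helper that reads `iptables -S INPUT` output and, for each of the three ports quoted above, reports whether an ACCEPT rule already sits ahead of the final LOG/DROP rules, or prints the `iptables -I` command that inserts one before them. The rule dump is constructed to mirror the first post's listing; the `-i lo` match on its second rule is an assumption, since `iptables -L` without `-v` does not show interfaces, and `sample_rules` and `plan_rule` are hypothetical names.

```shell
#!/bin/sh
# Constructed sample in `iptables -S INPUT` form, mirroring the listing in the
# first post. Assumption: the bare "ACCEPT all" rule is the loopback rule (-i lo).
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
EOF
}

# plan_rule PROTO PORT < rules
# Rules are evaluated top-down, so an ACCEPT appended after the final DROP never
# matches. Report whether PROTO/PORT is already accepted ahead of the first
# LOG/DROP rule, otherwise print an insert command that lands just before it.
plan_rule() {
    awk -v proto="$1" -v port="$2" '
        $1 != "-A" { next }                      # skip the -P policy line
        { n++ }                                  # n = rule number as iptables counts it
        stop { next }                            # rules after the catch-all are unreachable
        /-j (LOG|DROP)( |$)/ { stop = n; next }  # first LOG/DROP rule marks the cut-off
        /-j ACCEPT$/ && $0 ~ ("-p " proto " ") && $0 ~ ("--dport " port " ") { open = 1 }
        END {
            if (open) { print "already open: " proto "/" port; exit }
            if (!stop) stop = n + 1              # no catch-all found: insert at the end
            printf "iptables -I INPUT %d -p %s -m %s --dport %s -j ACCEPT\n",
                   stop, proto, proto, port
        }'
}

# Check the three ports named in the quoted OpenVPN FAQ against the sample.
for spec in udp/1194 tcp/443 tcp/943; do
    sample_rules | plan_rule "${spec%/*}" "${spec#*/}"
done
```

On a live host the input would come from `sudo iptables -S INPUT` instead of `sample_rules`. Only the INPUT chain is examined; the `DROP` rule in the posted FORWARD chain is separate and applies to traffic routed through the server.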

