VPN Client as Gateway and incoming connections not filtered



  • I set up a VPN client associated with an interface. I configured outbound NAT and the gateway. Using policy routing I can force hosts to browse through the VPN.
    I set up some NAT to allow connections to some services from the VPN interface. Apart from the automatic NAT rules, the firewall rules tab for the VPN gateway interface is empty (not the OpenVPN one).

    Now I tried a port scan from outside against the public IP associated with my VPN interface, and I can see all sorts of local ports open in addition to the NATted ones: 53, NRPE, DNSBL 8081 and 8083.

    So isn't there a default block policy on the VPN interface?

    --edit--

    Is the OpenVPN tab under Firewall to be understood as an interface group of all VPN (client and server) definitions?



  • Yes, the OpenVPN tab is an interface group.
    If you need different rules for your OVPN instances, delete all rules there, assign a separate interface to each VPN instance and set the needed rules on that interface.
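
    Once each VPN instance has its own interface and rules, the thing to confirm is the outside port scan that started this thread. The script below is an added example (mine, not from the thread or from the firewall's own tooling): it parses nmap grepable output for the VPN-side public IP and reports any open port that is not on the list you deliberately forwarded. The address 203.0.113.10, the scan result itself, the allowlist (443 and 2222) and NRPE on 5666 are constructed assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from the firewall project:
# compare an nmap grepable (-oG) scan of the VPN-side public IP against the
# ports you forwarded on purpose. Anything else reported open is a service on
# the firewall itself that is reachable through the VPN interface.

# Constructed sample of what
#   nmap -sS -sU -p- -oG - 203.0.113.10
# could print for the situation in the thread (not a real scan). The address,
# the forwarded services (443, 2222) and NRPE on 5666 are assumptions.
SAMPLE_SCAN=$(
  printf 'Host: 203.0.113.10 ()\tStatus: Up\n'
  printf 'Host: 203.0.113.10 ()\tPorts: %s\tIgnored State: filtered (65529)\n' \
    '53/open/udp//domain///, 443/open/tcp//https///, 2222/open/tcp//ssh///, 5666/open/tcp//nrpe///, 8081/open/tcp//blackice-icecap///, 8083/open/tcp//us-srv///'
)

# The ports you forwarded on purpose, as proto/port (assumed for the example).
ALLOWED='tcp/443 tcp/2222'

# open_ports SCAN: print "proto/port" for every port nmap reports as open
# (or open|filtered, which is what UDP services usually show), one per line.
# Grepable entries look like: port/state/proto/owner/service/rpcinfo/version/
open_ports() {
    printf '%s\n' "$1" | awk '
        /Ports: / {
            line = $0
            sub(/.*Ports: /, "", line)
            n = split(line, entries, ", ")
            for (i = 1; i <= n; i++) {
                split(entries[i], f, "/")
                if (f[2] ~ /^open/) print f[3] "/" f[1]
            }
        }'
}

# unexpected_ports SCAN ALLOWLIST: open ports that are not in the allowlist.
unexpected_ports() {
    open_ports "$1" | while read -r p; do
        case " $2 " in
            *" $p "*) ;;                 # intentionally forwarded
            *) printf '%s\n' "$p" ;;
        esac
    done
}

# check_exposure SCAN ALLOWLIST: report, and return 1 if anything unexpected
# is open, so the function can drive a cron or monitoring check.
check_exposure() {
    bad=$(unexpected_ports "$1" "$2")
    if [ -n "$bad" ]; then
        printf 'Unexpected open ports on the VPN interface:\n%s\n' "$bad"
        return 1
    fi
    echo 'Only the forwarded ports are open.'
}

# When run directly: report and keep the status for the caller
# (a real wrapper script would finish with `exit "$status"`).
status=0
check_exposure "$SAMPLE_SCAN" "$ALLOWED" || status=$?
```

    To use it for real, replace SAMPLE_SCAN with the output of `nmap -sS -sU -p- -oG - <vpn-public-ip>` run from a host outside the VPN and set ALLOWED to your forwarded ports; a non-zero status from check_exposure means the interface still lacks its default block and the firewall's own services (DNS, NRPE, DNSBL web ports) remain reachable.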



  • that makes sense now  :D