VPN Client as Gateway and incoming connections not filtered
-
I set up a VPN client, associated with an interface. I configured outgoing NAT and the gateway. Using policy routing I can force hosts to navigate using the VPN.
I set up some NAT to allow connections to some services from the VPN interface. Apart from the automatic NAT rules, the vpn-gateway firewall tab is empty (not the OpenVPN). Now I tried a port scan from outside to the public IP associated with my VPN iface and I can see all sorts of local ports open in addition to the NATed ones: 53, nrpe, DNSBL 8081 and 8083.
So there isn't a default block policy on the vpn interface?
--edit--
Is the OpenVPN tab in the firewall to be understood as an interface group of all VPN (client and server) definitions?
-
Yes, the OpenVPN tab is an interface group.
If you need different rules for your OVPN instances, delete all rules here, assign a separate interface to each VPN instance and set the needed rules there.
-
that makes sense now :D
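
One way to check which pass rules a VPN client interface inherits from the OpenVPN group tab, as an added example that is not part of the thread: it parses rules in the pf syntax that `pfctl -sr` prints and separates the interface's own rules from group rules. The sample ruleset, the interface name `ovpnc1`, the group name `openvpn` and the function names are constructed assumptions.

```python
import re

# Constructed ruleset in pf syntax, as `pfctl -sr` would print it (not from the thread).
SAMPLE_RULES = """\
block drop in log inet all label "Default deny rule IPv4"
pass in quick on openvpn inet all flags S/SA keep state label "group tab: allow all"
pass in quick on ovpnc1 inet proto tcp from any to 192.168.1.10 port = 8443 flags S/SA keep state label "NAT target"
pass in quick on em1 inet from 192.168.1.0/24 to any flags S/SA keep state label "LAN out"
"""

PASS_IN = re.compile(r'^pass in (?:log )?(?:quick )?on (\S+)\s+(.*)$')
LABEL = re.compile(r'label "[^"]*"')


def pass_rules_for(ruleset, iface, groups):
    """Return (origin, rule) for each pass-in rule that applies to iface.

    origin is "interface" for rules on the interface's own tab and
    "group:<name>" for rules inherited from an interface group.
    """
    found = []
    for line in ruleset.splitlines():
        m = PASS_IN.match(line.strip())
        if not m:
            continue
        target = m.group(1)
        if target == iface:
            found.append(("interface", line))
        elif target in groups:
            found.append(("group:" + target, line))
    return found


def inherited_unrestricted(ruleset, iface, groups):
    """Return the group rules iface inherits that have no destination limit."""
    risky = []
    for origin, line in pass_rules_for(ruleset, iface, groups):
        # Drop the label so words inside it cannot be mistaken for rule syntax.
        body = LABEL.sub("", PASS_IN.match(line.strip()).group(2))
        unrestricted = " all " in f" {body} " or re.search(r"to any(?! port)", body)
        if origin.startswith("group:") and unrestricted:
            risky.append(line)
    return risky


if __name__ == "__main__":
    for origin, rule in pass_rules_for(SAMPLE_RULES, "ovpnc1", {"openvpn"}):
        print(f"{origin:14} {rule}")
    print("inherited, unrestricted:", inherited_unrestricted(SAMPLE_RULES, "ovpnc1", {"openvpn"}))
```

Any line reported with a `group:` origin is a rule to move to the per-instance interface tab, as the answer above recommends.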