External/Public server to forward OpenVPN requests to Home network



  • I'd like to have a whitelist of IPs that hit 1194 on my Home firewall/OpenVPN server, but since I'm on the road a lot my public IP is never the same. Here's my thought on how to fix this... what are your thoughts?

    I'm already paying for a VPS (CentOS webserver) and was wondering if I could set up additional software on the CentOS box to forward all OpenVPN requests to my Home public router/OpenVPN Server? The IP would always be the same and maybe help move all the bot brute forcing away from my little home router and onto the hosted VPS... while obfuscating the listening port on the CentOS box (Any UDP request to <obfuscated high port> on CentOS, forward to Home router port 1194)

    Has anyone done something similar? Is this the best way to go about this?



  • @JurusGomes said in External/Public server to forward OpenVPN requests to Home network:

    was wondering if I could set up additional software on the CentOS box to forward all OpenVPN requests to my Home public router/OpenVPN Server?

    There's no special software needed. That can be done with iptables which is already integrated in CentOS, but...

    @JurusGomes said in External/Public server to forward OpenVPN requests to Home network:

    maybe help move all the bot brute forcing away from my little home router

    Do you really have problems with brute force OpenVPN authentication attempts?
    With your intention you would only push the problem to the firewall filter.
    You may change your IP to a high port on your home router as well to keep down OpenVPN auth attempts.

    I think it would make more sense to use a dynamic DNS on your mobile device than to go over the VPS. So you can restrict access to your VPN by firewall rule to your mobile hostname and get the same result.
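
The iptables forwarding mentioned in the reply above, as an added example that is not part of any post in this thread: a dry-run generator for the VPS-side rules. The listen port 47123 and the home address 203.0.113.10 are constructed sample values, and the function names are hypothetical; it assumes the home public address is fixed.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for a VPS that relays
# one UDP port to a home OpenVPN server. Review the output, then run it as
# root on the VPS. All addresses and ports here are constructed sample values.

OVPN_PORT=1194   # port the home OpenVPN server listens on (from the thread)

valid_port() {
    # digits only, and within the unprivileged "high port" range
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # four dot-separated decimal octets, each 0-255
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

vps_forward_rules() {
    listen_port=$1; home_ip=$2
    valid_port "$listen_port" || { echo "bad listen port: $listen_port" >&2; return 1; }
    valid_ipv4 "$home_ip"     || { echo "bad home address: $home_ip" >&2; return 1; }
    # 1) enable routing, 2) rewrite the destination to the home server,
    # 3) rewrite the source to the VPS so replies return through it and the
    #    home firewall sees one fixed source, 4) permit the relayed flow
    #    and its replies through the FORWARD chain.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p udp --dport $listen_port -j DNAT --to-destination $home_ip:$OVPN_PORT
iptables -t nat -A POSTROUTING -p udp -d $home_ip --dport $OVPN_PORT -j MASQUERADE
iptables -A FORWARD -p udp -d $home_ip --dport $OVPN_PORT -j ACCEPT
iptables -A FORWARD -p udp -s $home_ip --sport $OVPN_PORT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Constructed sample run: relay UDP 47123 on the VPS to the home server.
vps_forward_rules 47123 203.0.113.10
```

Because of the MASQUERADE rule, every relayed client reaches the home firewall from the VPS address, so the home-side allow rule for UDP 1194 needs only that one source; the trade-off is that the OpenVPN server log no longer shows the real client addresses.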


  • LAYER 8 Netgate

    Most of us just run it open. OpenVPN discards any packets that are not using the correct TLS key.

    Remote Access VPN is almost always passed from source address any.

