Nftables und openvpn: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 4: | Zeile 4: | ||
*vpndev = tun0 | *vpndev = tun0 | ||
*vpnport = 1194 | *vpnport = 1194 | ||
| − | * | + | *lan= 10.82.228.0/24 |
| − | * | + | *vpn = 172.31.2.0/24 |
{{#drawio:ipt-openvpn}} | {{#drawio:ipt-openvpn}} | ||
Version vom 22. April 2025, 13:48 Uhr
Variablen
- wandev = eth0
- landev = ens19
- vpndev = tun0
- vpnport = 1194
- lan= 10.82.228.0/24
- vpn = 172.31.2.0/24
![Bearbeiten](javascript:editDrawio("2123093790", "ipt-openvpn.drawio.png", "png", false, false, false, true, "https://embed.diagrams.net")){kind=link}
Vorausgesetztes Connection Tracking
- Verschlüsselter Verkehr – OpenVPN UDP
- nft add rule inet filter input iifname "$WANDEV" udp dport $OVPNPORT ct state new accept
- VPN → LAN
- Pakete aus dem Tunnel ins interne Netz
- nft add rule inet filter forward iifname "$VPNDEV" oifname "$LANDEV" ip saddr $VPN ip daddr $LAN ct state new accept