Aktuelle Version vom 11. Mai 2026, 13:44 Uhr

Variablen

ct state new iif $WANDEV udp dport $VPNPORT accept

ct state new iif $VPNDEV oif $SERVERDEV ip saddr $VPN ip daddr $SERVER accept

ct state new iif $VPNDEV oif $DMZDEV ip saddr $VPN ip daddr $DMZ accept

@@ Zeile 1: / Zeile 1: @@
 = Variablen =
-*WANDEV = eth0
+*WANDEV = enp0s3
-*LANDEV = ens19
+*SERVERDEV = enp0s10
+*DMZDEV = enp0s8
+*SERVER = 10.2XX.1.0/24
+*DMZ = 10.88.2XX.0/24
 *VPNDEV = tun0
-*OVPNPORT = 1194
+*VPNPORT = 1194
-*LAN = 10.82.228.0/24
+*VPN = 172.20.2XX.0/24
-*VPN = 172.31.2.0/24
 {{#drawio:ipt-openvpn}}
 = Vorausgesetztes Connection Tracking =
+; Verschlüsselter Verkehr – OpenVPN UDP (input Kette)
-; Verschlüsselter Verkehr – OpenVPN UDP
+ ct state new iif $WANDEV udp dport $VPNPORT accept
-*nft add rule inet filter input iifname "$WANDEV" udp dport $OVPNPORT ct state new accept
+; VPN → SERVER: Pakete aus dem Tunnel ins interne Netz (forward Kette)
+ ct state new iif $VPNDEV oif $SERVERDEV ip saddr $VPN ip daddr $SERVER accept
-; VPN → LAN: Pakete aus dem Tunnel ins interne Netz
+; VPN → DMZ: Pakete aus dem Tunnel ins interne Netz (forward Kette)
-*nft add rule inet filter forward iifname "$VPNDEV" oifname "$LANDEV" ip saddr $VPN ip daddr $LAN ct state new accept
+ ct state new iif $VPNDEV oif $DMZDEV ip saddr $VPN ip daddr $DMZ accept