Nftables und openvpn: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 1: | Zeile 1: | ||
= Variablen = | = Variablen = | ||
| − | *wandev = | + | *wandev = enp0s3 |
| − | * | + | *serverdev = enp0s10 |
| + | *dmzdev = enp9s9 | ||
*vpndev = tun0 | *vpndev = tun0 | ||
*vpnport = 1194 | *vpnport = 1194 | ||
| − | * | + | *server = 172.16.2xx.0/24 |
| − | *vpn = 172. | + | *dmz = 10.88.2xx.0/24 |
| + | *vpn = 172.20.2xx.0/24 | ||
{{#drawio:ipt-openvpn}} | {{#drawio:ipt-openvpn}} | ||
Version vom 29. Juli 2025, 12:02 Uhr
Variablen
- wandev = enp0s3
- serverdev = enp0s10
- dmzdev = enp9s9
- vpndev = tun0
- vpnport = 1194
- server = 172.16.2xx.0/24
- dmz = 10.88.2xx.0/24
- vpn = 172.20.2xx.0/24
![Bearbeiten](javascript:editDrawio("1672179045", "ipt-openvpn.drawio.png", "png", false, false, false, true, "https://embed.diagrams.net")){kind=link}
Vorausgesetztes Connection Tracking
- Verschlüsselter Verkehr – OpenVPN UDP
- nft add rule inet filter ct state new iif $wandev udp dport $vpnport accept
- VPN → LAN
- Pakete aus dem Tunnel ins interne Netz
- nft add rule inet filter ct state new iif $vpndev oif $landev ip saddr $vpn ip daddr $lan ct state new accept