siegfried wrote:

> I’m trying to understand the installation procedures at
> http://www.nslu2-linux.org/wiki/HowTo/SetUpOpenVPNServer .

Note that this isn't official OpenVPN-project-maintained documentation. The official documentation is at http://openvpn.net/, but doesn't (that I know of) have any explicit coverage of Unslung.

> Can anyone speculate why it says to add these firewall rules (see below)
> for a point-to-point client (peer)?

The rules are relevant only if you would otherwise have a local (host-based) firewall with rules or policies in place denying the traffic these rules are intended to permit.

> "$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 1194 -j ACCEPT"

This ensures that the firewall isn't blocking the incoming UDP traffic.

> $IPT -A INPUT -i tun+ -j ACCEPT

This is trusting any traffic coming over a tunnel.

> $IPT -A OUTPUT -o tun+ -j ACCEPT

This is allowing the server to send anything it likes over a tunnel.

> $IPT -A FORWARD -i tun+ -j ACCEPT

This is allowing VPN clients to send traffic to any other network adapters the VPN server happens to be connected to.

> $IPT -A INPUT -i tap+ -j ACCEPT

This is allowing the server to receive any traffic sent over a tap-style adapter. It isn't relevant to bridging, but rather to a tap-based endpoint.

> $IPT -A OUTPUT -o tap+ -j ACCEPT

This is allowing the server to send any traffic it likes over a tap-style adapter. It isn't relevant to bridging, but rather a tap-based endpoint.

...and so on.

If you don't have a firewall, though, this is all irrelevant -- and if you *do* have a firewall, you should understand it well enough to not be blindly following these instructions.

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
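The reply above makes the point that the wiki's ACCEPT rules only matter when a default-deny host firewall would otherwise drop the traffic. The script below is an added example, not code from the list post, the nslu2-linux wiki or the OpenVPN project, showing where those rules sit in a minimal default-deny ruleset and where a narrower version is possible. It uses the built-in INPUT chain instead of the wiki's custom `udp_inbound` chain, and the variables `IPT`, `VPN_PORT` and `LAN_IF` (and their defaults, including `eth0`) are assumptions chosen for the example. With the default `IPT="echo iptables"` it only prints the commands, so it can be read and checked before being applied for real.

```shell
#!/bin/sh
# Added example: a minimal default-deny host firewall for an OpenVPN
# server. Default is a dry run that prints the commands; run with
# IPT=iptables (as root) to apply them. All variable names and defaults
# below are assumptions for this example, not values from the wiki page.
IPT="${IPT:-echo iptables}"
VPN_PORT="${VPN_PORT:-1194}"   # OpenVPN's default UDP port
LAN_IF="${LAN_IF:-eth0}"       # assumed: the LAN interface VPN clients may reach

openvpn_firewall() {
    # Default-deny policies. Without these the ACCEPT rules below change
    # nothing, which is the point made in the reply above.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT   # OUTPUT is open, so no "-A OUTPUT -o tun+" rule is needed

    # Loopback, and replies to connections this host already accepted.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Let the OpenVPN handshake and tunnel packets reach the daemon
    # (the wiki's "udp_inbound ... --destination-port 1194" rule).
    $IPT -A INPUT -p udp --dport "$VPN_PORT" -j ACCEPT

    # Trust traffic that arrives decrypted from the tunnel interface
    # (the wiki's "INPUT -i tun+" rule). "tun+" matches tun0, tun1, ...
    $IPT -A INPUT -i tun+ -j ACCEPT

    # Narrower than the wiki's blanket "FORWARD -i tun+ -j ACCEPT":
    # only forward from the tunnel to one LAN interface, and only let
    # replies flow back, so clients cannot reach every adapter the
    # server happens to have.
    $IPT -A FORWARD -i tun+ -o "$LAN_IF" -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o tun+ -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Stand-alone usage: print (or apply) the ruleset.
openvpn_firewall
```

Running the script as-is prints nine `iptables` commands for review; the FORWARD pair is the one to adjust if the server has several interfaces, since the wiki's single `-i tun+` rule would let clients reach all of them.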