
Re: [Openvpn-users] OpenVPN and iptables

  • Subject: Re: [Openvpn-users] OpenVPN and iptables
  • From: "Britain Crooker" <britainc@xxxxxxxxxxxxxx>
  • Date: Thu, 15 Nov 2007 08:29:29 -0500

I will try that - does it matter if my network device is tap0 instead of
tun0 (other than changing the '-i tun0' part of the statements below)?

-----Original Message-----
From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Alexandros
Sent: Thursday, November 15, 2007 1:50 AM
To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] OpenVPN and iptables

On Thursday 15 November 2007 01:12, Britain Crooker wrote:
> We have Subversion running on the same server that has OpenVPN on it.  I
> would like to come up with some way to say "only allow clients to connect
> to Subversion if they are connected via the VPN".

This doesn't have much to do with the VPN per se.

For TCP connections:
/sbin/iptables -A INPUT -t filter -i tun0 -p tcp -s --sport 1024 -d --dport 3690 -j ACCEPT

Same for UDP:
/sbin/iptables -A INPUT -t filter -i tun0 -p udp -s --sport 1024 -d --dport 3690 -j ACCEPT

With these rules only will be able to connect through
tun0 device to the SVN ports.
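
The restriction discussed in this thread, as an added example that is not part of the original messages: ACCEPT rules on the VPN interface only limit access when traffic to port 3690 from every other interface is dropped, so this sketch prints a rule set that does both. The VPN subnet 10.8.0.0/24 and the chain name SVN_VPN are assumed placeholders.

```sh
#!/bin/sh
# Added example, not from the thread. Prints (does not run) iptables commands
# that leave port 3690 reachable only through the VPN interface.
# Assumed values: VPN subnet 10.8.0.0/24 and chain name SVN_VPN are placeholders.

# Usage: svn_vpn_rules IFACE VPN_NET   e.g. svn_vpn_rules tap0 10.8.0.0/24
svn_vpn_rules() {
    iface=$1
    vpn_net=$2
    # The output is meant to be piped to a root shell, so reject anything
    # that is not a plain tunN/tapN name or a dotted CIDR.
    case $iface in
        *[!a-z0-9]*) echo "bad interface: $iface" >&2; return 1 ;;
        tun[0-9]*|tap[0-9]*) ;;
        *) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    case $vpn_net in
        ''|*[!0-9./]*) echo "bad subnet: $vpn_net" >&2; return 1 ;;
    esac

    echo "iptables -N SVN_VPN"
    # Local clients on the server itself keep working.
    echo "iptables -A SVN_VPN -i lo -j ACCEPT"
    # tun and tap differ only in the name given to -i. (A tap device enslaved
    # to a bridge shows up in INPUT as the bridge, e.g. br0, not tapN.)
    echo "iptables -A SVN_VPN -i $iface -s $vpn_net -j ACCEPT"
    # ACCEPT rules alone restrict nothing unless something else drops the
    # traffic, so everything that was not accepted above is dropped here.
    echo "iptables -A SVN_VPN -j DROP"
    # Hook the chain at the top of INPUT so earlier broad ACCEPTs cannot bypass it.
    for proto in tcp udp; do
        echo "iptables -I INPUT 1 -p $proto --dport 3690 -j SVN_VPN"
    done
}

# Print the rules for review; pipe to "sh" as root to apply them.
svn_vpn_rules "${1:-tun0}" "${2:-10.8.0.0/24}"
```

Review the printed commands before applying them; `iptables -S SVN_VPN` lists the chain afterwards.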