

Open ports with OpenVPN? How do I do it?




Posted by hik4t, 07-12-2013, 12:15 PM
Hi, I purchased a server in Sweden which had TUN/TAP & PPP activated. I turned it into a VPN-server and I've been using it for a while. Anyways, I noticed that all ports except 22 are closed. How do I open ALL ports? I figured it has something to do with iptables? I asked a friend and he said that he didn't know how but it has nothing to do with the hosting-company, that you could do it straight on the server. Is it possible? Thanks a lot!

Posted by BestServerSupport, 07-12-2013, 12:36 PM
You can try the following via SSH to open all ports for incoming and outgoing connections in your iptables firewall:

    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT

Posted by hik4t, 07-12-2013, 02:09 PM
I typed those commands and it didn't give me any errors. I then ran service iptables restart but my ports are still closed. They are open on my local router and they are open if I disconnect from the VPN.

Posted by activelobby4u, 07-12-2013, 09:10 PM
This seems like an issue with the VPN server config. What is the server you are using?

Posted by AsiaServerHost, 07-13-2013, 02:09 AM
Maybe you need to save the iptables before restarting it?

Posted by madaboutlinux, 07-13-2013, 10:07 AM
What is the output of 'iptables -L'? BTW, is the OpenVPN service running on your server, and is the port defined in the OpenVPN configuration file? Unless the service is not running, the port won't respond. FYI, if the iptables commands you execute are correct, they don't show any output. You have to check the status using iptables -L.

Posted by teradrop, 07-13-2013, 10:14 AM
Have you maybe tried testing to see if you can connect to the VPN by stopping iptables and then connecting?

    service iptables stop

And then if you can connect, refer to the documentation to set up the routing (my post count is too low, but just Google "iptables openvpn"):

    # Allow traffic initiated from VPN to access LAN
    iptables -I FORWARD -i tun0 -o eth0 \
        -s 10.8.0.0/24 -d 192.168.0.0/24 \
        -m conntrack --ctstate NEW -j ACCEPT

    # Allow traffic initiated from VPN to access "the world"
    iptables -I FORWARD -i tun0 -o eth1 \
        -s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT

    # Allow traffic initiated from LAN to access "the world"
    iptables -I FORWARD -i eth0 -o eth1 \
        -s 192.168.0.0/24 -m conntrack --ctstate NEW -j ACCEPT

    # Allow established traffic to pass back and forth
    iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED \
        -j ACCEPT

    # Notice that -I is used, so when listing it (iptables -vxnL) it
    # will be reversed. This is intentional in this demonstration.

    # Masquerade traffic from VPN to "the world" -- done in the nat table
    iptables -t nat -I POSTROUTING -o eth1 \
        -s 10.8.0.0/24 -j MASQUERADE

    # Masquerade traffic from LAN to "the world"
    iptables -t nat -I POSTROUTING -o eth1 \
        -s 192.168.0.0/24 -j MASQUERADE

    # Save the iptables setup
    [root@host ~] # iptables-save > iptables-dump.ipt

    # Restore the iptables setup
    [root@host ~] # iptables-restore < iptables-dump.ipt

Posted by hik4t, 07-13-2013, 08:51 PM
This is the configuration file that OpenVPN runs on, on the server. Screenshot: http://puu.sh/3ChG9.png Typing my iptables command doesn't give any output, so I guess it's ok. This is the output of iptables -L. Screenshot: http://puu.sh/3ChJp.png If I type "service iptables stop" my connection to the VPN dies completely. I have to type "iptables -t nat -A POSTROUTING -s 123.123.123.123/24 -j SNAT --to 123.123.123.123" (I replace the 123.123.123.123 with the real IP addresses). What do I do with those commands you posted? Do I nano /etc/sysconfig/iptables and replace all data in there with that? I'm really inexperienced with this as you can probably tell. Big thanks to all of you who attempt to solve this for me.

Posted by madaboutlinux, 07-14-2013, 03:46 AM
iptables is fine.. it isn't blocking any ports. Specify the IP of your server in the OpenVPN configuration file and make sure the keys are in the location mentioned in the configuration file. You have to forward the traffic of private IPs back and forth so you have to add a few rules in the FORWARD chain to allow traffic from 10.8.0.0/24 subnet you mentioned in your configuration and deny rest. To do this, execute the following: replace, YourSERVERIP with the actual IP of your server. You should also enable IP forwarding, i.e. edit /etc/sysctl.conf and add the line at the bottom save the file and execute

Posted by hik4t, 07-14-2013, 09:54 AM
I did what you asked, but when I run 'service iptables restart' I get this: http://puu.sh/3CEFY.png

Posted by FDSAsia, 07-14-2013, 11:55 AM
I think the last iptables rule must be like this: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source YourSERVERIP

Posted by hik4t, 07-14-2013, 02:35 PM
Screenshot: http://puu.sh/3CO5o.png (cut off a bit on the IP) I ran that command and got no errors. I then tried to see if my IP was open but it wasn't. This is what my /etc/sysconfig/iptables looks like: What should I add to it? I guess that's the thing I need to modify.

Posted by madaboutlinux, 07-15-2013, 03:14 AM
These are iptables NAT rules, so to view them execute: FYI, before restarting iptables, you should save the rules you added by Without saving the rules, iptables restart will erase them.
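
Added example, not part of the thread and not any poster's commands: a sketch of the setup discussed above (forward only the 10.8.0.0/24 VPN subnet, SNAT it to the server address, deny the rest) written as an iptables-restore ruleset, with a check to run against a saved ruleset. The address 203.0.113.10, OpenVPN on 1194/udp and the INPUT rules are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). 203.0.113.10 is a documentation
# address and 1194/udp is an assumed OpenVPN port; substitute your own.

VPN_NET="10.8.0.0/24"   # VPN client subnet named in the thread

# Print a ruleset in iptables-restore format for the given public server IP.
vpn_ruleset() {
    server_ip="$1"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $VPN_NET -j SNAT --to-source $server_ip
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp --dport 1194 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s $VPN_NET -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Read a saved ruleset on stdin (e.g. iptables-save output). Returns:
#   0 = ok, 1 = no SNAT for the VPN subnet, 2 = no FORWARD accept for it,
#   3 = FORWARD policy is not DROP (other traffic would also be routed).
check_ruleset() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q -- "-A POSTROUTING -s $VPN_NET -j SNAT" || return 1
    printf '%s\n' "$rules" | grep -q -- "-A FORWARD -s $VPN_NET .*-j ACCEPT" || return 2
    printf '%s\n' "$rules" | grep -q -- "^:FORWARD DROP" || return 3
    return 0
}
```

`vpn_ruleset 203.0.113.10 | iptables-restore --test` parses the ruleset without loading it, and `iptables-save | check_ruleset` verifies what is actually loaded. Routing also needs `net.ipv4.ip_forward = 1` in /etc/sysctl.conf, applied with `sysctl -p`.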

Posted by hik4t, 07-15-2013, 07:12 PM
This is the output of iptables -L -t nat: http://puu.sh/3DO8U.png Will retry with iptables save before restart, thanks

Posted by hik4t, 07-15-2013, 10:17 PM
They have said that ALL ports are open but have to be enabled on my side on the VPS. The service is unmanaged so they won't do it for me.


