Difference between revisions of "Firewall VPN"
(Created page with "Category:Linux =VPN firewall= Adjust the following to your own port, network ID and protocol: <syntaxhighlight lang="bash"> IPTABLES=`which iptables` INT_ETH=eth0 IP_...") |
|||
Line 1: | Line 1: | ||
[[Category:Linux]] | [[Category:Linux]] | ||
+ | |||
+ | |||
+ | =What is a VPN= | ||
+ | |||
+ | As a quick reminder, you can use a VPN for 3 things: | ||
+ | * Mask your source IP @ | ||
+ | |||
+ | [[File:VPN change ip address 1.png|none|VPN change ip address (1)]] | ||
+ | |||
+ | [[File:VPN change ip address 2.png|none|VPN change ip address (2)]] | ||
+ | |||
+ | |||
+ | * Secure communication through the VPN server | ||
+ | |||
+ | [[File:VPN client to client.png|none|VPN client to client]] | ||
+ | |||
+ | |||
+ | * Access remote LAN | ||
+ | |||
+ | [[File:VPN to lan.png|none|VPN to LAN]] | ||
+ | |||
+ | |||
+ | Of course you can combine some / all of these usages. | ||
+ | |||
+ | |||
+ | |||
Revision as of 13:55, 8 August 2014
What is a VPN
As a quick reminder, you can use a VPN for 3 things:
- Mask your source IP @
- Secure communication through the VPN server
- Access remote LAN
Of course you can combine some / all of these usages.
VPN firewall
Adjust the following to your own port, network ID and protocol:
IPTABLES=`which iptables`
INT_ETH=eth0
IP_LAN_ETH=`/sbin/ifconfig $INT_ETH | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'`
INT_VPN=tun0
VPN_PORT="8080"
VPN_PROTOCOL="udp"
LAN_ADDRESS_VPN="172.16.60.0/24"
echo -e " "
echo -e "------------------------"
echo -e " VPN configuration"
echo -e "------------------------"
echo " "
echo -e "# VPN interface : $INT_VPN"
echo -e "# VPN IP @ : $LAN_ADDRESS_VPN"
echo -e "# VPN port : $VPN_PORT"
echo -e "# VPN protocol : $VPN_PROTOCOL"
echo -e "-------------------------------------- "
# Allow devices communication $ETH0 <--> tun0
$IPTABLES -t nat -A POSTROUTING -s $LAN_ADDRESS_VPN -o $INT_ETH -j MASQUERADE
$IPTABLES -A FORWARD -s $LAN_ADDRESS_VPN -j ACCEPT
echo -e " ... Allow VPN connections"
$IPTABLES -A INPUT -p $VPN_PROTOCOL --dport $VPN_PORT -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport $VPN_PORT -j ACCEPT
echo -e " ... Allow everything to go through VPN - all INPUT,OUTPUT,FORWARD"
$IPTABLES -A INPUT -i $INT_VPN -m state ! --state INVALID -j ACCEPT
$IPTABLES -A OUTPUT -o $INT_VPN -m state ! --state INVALID -j ACCEPT
$IPTABLES -A FORWARD -o $INT_VPN -m state ! --state INVALID -j ACCEPT
echo -e " ... Allow VPN network communication (required for client <> client comm.)"
$IPTABLES -A INPUT -s $LAN_ADDRESS_VPN -d $LAN_ADDRESS_VPN -j ACCEPT
$IPTABLES -A OUTPUT -s $LAN_ADDRESS_VPN -d $LAN_ADDRESS_VPN -j ACCEPT