CSF and OpenVPN

Issue

Out of the box, CSF and OpenVPN don't work together. Well, not without further configuration.

Let's say your OpenVPN conf is working, but you just can't get out on the internet through your VPN box.

It seems we need masquerading, and maybe a few other things.

Configuration

Here is my conf :

eth0 : external nic
10.8.0.0/24 : my tunnel network

Solution

Don't forget to enable packet forwarding :
echo 1 > /proc/sys/net/ipv4/ip_forward

Edit your sysctl file to make your change permanent.

Then create the following file in your csf folder :

vi /etc/csf/csfpost.sh

Enter the following :

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

Relaunch csf :

csf -r

Enjoy. You're welcome.
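To confirm that the three csfpost.sh rules and the forwarding flag are actually in place after csf -r, here is a small checker, added as an example and not part of the original post. The function names, the --live switch and the sample dump are constructed for illustration; eth0 and 10.8.0.0/24 are the values from the configuration above.

```shell
#!/bin/sh
# Added example: check that the three csfpost.sh rules are loaded after "csf -r".
# Reads iptables-save output on stdin, so it can be exercised offline.

# missing_vpn_rules WAN_IF VPN_NET: print one line per absent rule, nothing if all present.
missing_vpn_rules() {
    wan_if=$1
    vpn_net=$2
    dump=$(cat)
    # Escape the dots so the subnet is matched literally by grep -E.
    net_re=$(printf '%s' "$vpn_net" | sed 's/[.]/\\./g')
    has() { printf '%s\n' "$dump" | grep -Eq -- "$1"; }

    has "^-A POSTROUTING -s $net_re -o $wan_if -j MASQUERADE\$" ||
        echo "missing: nat POSTROUTING MASQUERADE for $vpn_net via $wan_if"
    has "^-A FORWARD -s $net_re -j ACCEPT\$" ||
        echo "missing: FORWARD ACCEPT from $vpn_net"
    # Accept the conntrack/ctstate spelling of the same match as well.
    has "^-A FORWARD -m (state --state|conntrack --ctstate) RELATED,ESTABLISHED -j ACCEPT\$" ||
        echo "missing: FORWARD ACCEPT for RELATED,ESTABLISHED"
    return 0
}

# Constructed sample dump (not captured from a real host): the state rule is absent.
sample_dump() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
COMMIT
EOF
}

if [ "${1:-}" = "--live" ]; then
    # On the VPN box, as root: forwarding flag first, then the loaded ruleset.
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = "1" ] || echo "missing: ip_forward is not 1"
    iptables-save | missing_vpn_rules eth0 10.8.0.0/24
else
    sample_dump | missing_vpn_rules eth0 10.8.0.0/24
fi
```

Run without arguments it checks the embedded sample; with --live it reads the real ruleset and prints nothing when everything is in place.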