Changes between Version 2 and Version 3 of 255-qconnection-initiated-with-xxxxq-but-i-cannot-ping-the-server-through-the-vpn


Timestamp:
03/27/17 09:18:52 (7 years ago)
Author:
Samuli Seppänen
Comment:

Remove a rather useless link that was also broken

  • 255-qconnection-initiated-with-xxxxq-but-i-cannot-ping-the-server-through-the-vpn

    v2 v3  
    33{{{
    44#!html
    5 <p>This usually occurs because a firewall on the server or client is blocking the TUN/TAP interface. If you already have a firewall on your system, chances are high that it will block incoming connections on new interfaces by default, so you will need to add explicit firewall rules to allow connections via the TUN/TAP interface. In general, it's reasonable to open up TUN/TAP interfaces to all traffic, since any incoming connections over these interfaces will already have been authenticated by OpenVPN. An exception to this rule would be if you <a href="/index.php/open-source/documentation/howto.html#policy">don't fully trust the OpenVPN clients connecting to the server</a>. Assuming that's not the case, on Linux, TUN/TAP interfaces can be opened up with the<strong>iptables</strong> shell command:</p>
     5<p>This usually occurs because a firewall on the server or client is blocking the TUN/TAP interface. If you already have a firewall on your system, chances are high that it will block incoming connections on new interfaces by default, so you will need to add explicit firewall rules to allow connections via the TUN/TAP interface. In general, it's reasonable to open up TUN/TAP interfaces to all traffic, since any incoming connections over these interfaces will already have been authenticated by OpenVPN. An exception to this rule would be if you don't fully trust the OpenVPN clients connecting to the server. Assuming that's not the case, on Linux, TUN/TAP interfaces can be opened up with the <strong>iptables</strong> shell command:</p>
    66<blockquote>
    77<pre><strong># Allow TUN interface connections to OpenVPN server<br />iptables -A INPUT -i tun+ -j ACCEPT<br /><br /> # Allow TUN interface connections to be forwarded through other interfaces<br />iptables -A FORWARD -i tun+ -j ACCEPT<br /><br /> # Allow TAP interface connections to OpenVPN server<br />iptables -A INPUT -i tap+ -j ACCEPT<br /><br /> # Allow TAP interface connections to be forwarded through other interfaces<br />iptables -A FORWARD -i tap+ -j ACCEPT</strong></pre>
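Review bot: In the rewritten paragraph (v3 line 5), dropping the broken anchor leaves the exception "if you don't fully trust the OpenVPN clients connecting to the server" with no pointer to what a reader in that situation should do, while the unchanged rules below still accept all traffic on tun+ and tap+. Rather than only deleting the link, point the text at a working copy of the HOWTO policy section that the old href (howto.html#policy) targeted, or add a sentence stating that in that case the INPUT and FORWARD rules should be narrowed instead of opened to everything. The added space before <strong>iptables</strong> is a correct fix and can stay as is.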