FirewallD and OpenVPN
Posted: 2019/11/11 15:22:22
I am not very familiar with FirewallD yet, but I am having an issue getting OpenVPN traffic to flow across it correctly. I have OpenVPN working, and connected clients can ping the server just fine, and each other, but if I try to ping from the remote client to another machine on the local network where the server is located, the packets are masqueraded. I have the external and internal zones set, and OpenVPN set up to use the "trusted" zone. The internal interface is set to the "internal" zone and the external interface is set to the "external" zone.
So
remote client -> server (ok)
remote client -> remote client (ok)
server -> remote client (ok)
remote client -> local computer to server (not ok)
When I do a "tcpdump -i tun0 icmp" I see the ping from my client to the destination I am pinging (destination is 172.28.101.45).
When I do a "tcpdump -i enp3s0 icmp" I see the ICMP packets leaving the local interface towards the machine I am trying to ping, but the from address is the WAN address instead of the address of the VPN client, unlike the packets I see when I dump the tun0 interface.
Any suggestions? Thanks!
internal (active)
target: default
icmp-block-inversion: no
interfaces: enp3s0
sources:
services: bacula mdns samba-client ssh
ports: 10000/tcp 943/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
external (active)
target: default
icmp-block-inversion: no
interfaces: enp4s0
sources:
services: openvpn ssh
ports: 1194/udp
protocols:
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
trusted (active)
target: ACCEPT
icmp-block-inversion: no
interfaces:
sources: 10.8.0.0/24
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
tun0:
09:14:43.150318 IP 10.8.0.101 > 172.28.101.45: ICMP echo request, id 9234, seq 1, length 64
enp3s0:
09:14:04.618830 IP xx-xx-xx-xx.static.mdsn.xx.charter.com > 172.28.101.45: ICMP echo request, id 9231, seq 3, length 64
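As an added diagnostic (example code, not from the post or from firewalld), this parses the zone listing quoted above (assumed to be `firewall-cmd --list-all-zones` output, reconstructed here as a constructed sample) and reports the three things worth checking first: which zones masquerade, which interfaces are not bound to any zone and so fall into the default zone (tun0 here), and which zone matches the VPN subnet by source.

```python
# Constructed sample: the zone listing from the post, in firewall-cmd --list-all-zones form.
ZONE_LISTING = """\
internal (active)
  target: default
  interfaces: enp3s0
  sources:
  masquerade: no
external (active)
  target: default
  interfaces: enp4s0
  sources:
  masquerade: yes
trusted (active)
  target: ACCEPT
  interfaces:
  sources: 10.8.0.0/24
  masquerade: no
"""

def parse_zones(text):
    """Return {zone: {attribute: value, "active": bool}}.
    A zone header has no ':' ("external (active)"); attribute lines do.
    Works whether or not the attribute indentation survived copy/paste."""
    zones, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ":" not in line:
            current = line.split()[0]
            zones[current] = {"active": "(active)" in line}
        elif current is not None:
            key, _, value = line.partition(":")
            zones[current][key.strip()] = value.strip()
    return zones

def masquerading_zones(zones):
    """Zones that rewrite the source address of traffic leaving their interfaces."""
    return sorted(z for z, a in zones.items() if a.get("masquerade") == "yes")

def unbound_interfaces(zones, interfaces):
    """Interfaces listed in no zone; firewalld classifies these by the default zone."""
    bound = set()
    for a in zones.values():
        bound.update(a.get("interfaces", "").split())
    return sorted(set(interfaces) - bound)

def zones_for_source(zones, cidr):
    """Zones that match traffic by source address for the given CIDR."""
    return sorted(z for z, a in zones.items() if cidr in a.get("sources", "").split())
```

Run it against the real output (`firewall-cmd --list-all-zones`) and the interface list of the host; an unbound tun0 means its traffic is classified by whatever `firewall-cmd --get-default-zone` returns.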