OpenVPN and Firewall

Issues related to configuring your network
RNA
Posts: 6
Joined: 2020/04/24 18:26:15

OpenVPN and Firewall

Post by RNA » 2023/12/20 07:26:08

Dear Centosians,
I bought a new home server a week ago (the old one is already rotten) and I can't get OpenVPN to work fully. Almost everything works, but I can't reach the remote computers from my desktop on the same network.
Forwarding is set, the network interface is in promiscuous mode, routing is also set.
Ping to the remote computer doesn't work either.

Code:

[rna@broom ~]$ ping 172.18.209.120
PING 172.18.209.120 (172.18.209.120) 56 (84) data bytes.
From 192.168.70.199 order=1 Packet filtered
From 192.168.70.199 order=2 Packet filtered

192.168.70.199 is the IP of the server, 172.18.209.120 is the IP of the remote computer, my desktop has 192.168.70.197.

Server is fully reachable from my desktop.
I set all ports 1-65535 udp, tcp on the firewall.
All types of ICMP enabled.
Still nothing.
And now watch out: if I turn off the firewall on the server completely, everything works fine.
Please - what else is there somewhere in the FW settings that I should enable?

TrevorH
Site Admin
Posts: 33221
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: OpenVPN and Firewall

Post by TrevorH » 2023/12/20 09:00:26

What firewall solution are you using?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

RNA
Posts: 6
Joined: 2020/04/24 18:26:15

Re: OpenVPN and Firewall

Post by RNA » 2023/12/20 09:18:36

To tell you the truth, I had no idea that there were multiple different firewalls in CentOS.
Well, one is still learning.

Code:

[rna@NUC23 ~]$ ps ax | grep firewall
   2397 ?        Sl     0:10 /usr/bin/python3 -s /usr/bin/firewall-applet
  24204 ?        Ssl    0:03 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid
  30910 pts/0    S+     0:00 grep --color=auto firewall
and

Code:

[rna@NUC23 ~]$ dnf search firewalld
Poslední kontrola metadat: před 7 days, 17:16:05, Po 11. prosince 2023, 18:28:58.
========================================================================== Název přesně odpovídá: firewalld ==========================================================================
firewalld.noarch : A firewall daemon with D-Bus interface providing a dynamic firewall
========================================================================= Název & Souhrn odpovídá: firewalld =========================================================================
fail2ban-firewalld.noarch : Firewalld support for Fail2Ban
firewalld-filesystem.noarch : Firewalld directory layout and rpm macros
foomuuri-firewalld.noarch : FirewallD emulation configuration files for Foomuuri
jellyfin-firewalld.noarch : FirewallD metadata files for Jellyfin
mpd-firewalld.x86_64 : FirewallD metadata file for MPD
plasma-firewall-firewalld.x86_64 : FirewallD backend for Plasma Firewall
sshguard-firewalld.x86_64 : Configuration for firewalld backend of SSHGuard
============================================================================= Souhrn odpovídá: firewalld =============================================================================
python3-firewall.noarch : Python3 bindings for firewalld

TrevorH
Site Admin
Posts: 33221
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: OpenVPN and Firewall

Post by TrevorH » 2023/12/20 09:22:48

Right, so it's firewalld which is the default but as well to check.

How are you adding/removing rules? With firewalld you must use firewall-cmd or the GUI equivalent whose name temporarily escapes me (I think firewalld is dreadful and do not use it). Do not use iptables commands directly as they will be removed or altered by firewalld when you least expect it.
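
Added example, not part of the thread or of any poster's reply: a read-only check, done with firewall-cmd only, of how firewalld classifies traffic forwarded between a LAN interface and a VPN interface. Ports and services opened in a zone apply to traffic addressed to the server itself, while forwarded traffic is governed by the zone's intra-zone forward setting and by policies between zones. The interface names `enp1s0` and `tun0`, the function names and the sample zone listing are assumptions constructed for illustration; `--query-forward` and `--list-all-policies` need firewalld 0.9 or later.

```shell
#!/bin/sh
# Added example: read-only firewalld checks for traffic forwarded through the
# server (LAN <-> VPN). Interface names are assumptions, not taken from the thread.

# Print the zone that owns interface $1, reading text in the format of
# `firewall-cmd --get-active-zones` on stdin. Prints nothing if no zone owns it.
zone_of_iface() {
  awk -v want="$1" '
    /^[^ \t]/ { zone = $1 }                  # zone header, e.g. "public"
    /^[ \t]+interfaces:/ {
      for (i = 2; i <= NF; i++) if ($i == want) { print zone; exit }
    }'
}

# Classify the path between interfaces $2 and $3 using zone listing $1.
# Prints "intra-zone <zone>", "inter-zone <zoneA> <zoneB>" or "unknown".
forward_path() (
  a=$(printf '%s\n' "$1" | zone_of_iface "$2")
  b=$(printf '%s\n' "$1" | zone_of_iface "$3")
  if [ -z "$a" ] || [ -z "$b" ]; then echo "unknown"
  elif [ "$a" = "$b" ]; then echo "intra-zone $a"
  else echo "inter-zone $a $b"
  fi
)

# Constructed sample of `firewall-cmd --get-active-zones` output.
SAMPLE_ZONES='public
  interfaces: enp1s0
trusted
  interfaces: tun0'

# Live check, only on a host where firewall-cmd is installed.
if command -v firewall-cmd >/dev/null 2>&1; then
  LAN_IF=${LAN_IF:-enp1s0}                   # assumed name, override via env
  VPN_IF=${VPN_IF:-tun0}                     # assumed name, override via env
  path=$(forward_path "$(firewall-cmd --get-active-zones)" "$LAN_IF" "$VPN_IF")
  echo "forwarding path: $path"
  case $path in
    # Same zone: is intra-zone forwarding enabled there? Prints yes or no.
    intra-zone*) firewall-cmd --zone="${path#intra-zone }" --query-forward || true ;;
    # Different zones: policies are what govern traffic between zones.
    inter-zone*) firewall-cmd --list-all-policies || true ;;
  esac
  # "off" means rejected packets are not being logged.
  firewall-cmd --get-log-denied || true
fi
```

Run it as root on the firewalld host, setting `LAN_IF` and `VPN_IF` to the real interface names; it changes no firewall state.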

RNA
Posts: 6
Joined: 2020/04/24 18:26:15

Re: OpenVPN and Firewall

Post by RNA » 2023/12/20 12:32:34

Yes, I am using that thing:

Image

Would you recommend something completely different?
But I encountered this problem only now on CentOS 9 Stream.
Fedora, AlmaLinux, it worked there.

jlehtone
Posts: 4532
Joined: 2007/12/11 08:17:33
Location: Finland

Re: OpenVPN and Firewall

Post by jlehtone » 2023/12/20 21:45:53

RNA wrote: 2023/12/20 12:32:34
But I encountered this problem only now on CentOS 9 Stream.
Fedora, AlmaLinux, it worked there.

Why did you install Stream, rather than AlmaLinux 9, for example?


AlmaLinux and Fedora ought to use FirewallD too. The first definitely does.
How did you set them up? What was different?
