Make CSF work with OpenVPN

To make CSF work with OpenVPN, you’ll need to create extra iptables rules. We do that by adding them to csfpre.sh.

nano /etc/csf/csfpre.sh

If the file does not exist, you can create it. If it already exists, you should append to it.

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -j SNAT --to-source 192.168.1.1
  • Replace 192.168.1.1 with your server IP address.
  • You may need to replace 10.8.0.0/24 with the address range you assigned to your OpenVPN server. It is typically set in /etc/openvpn/server.conf on CentOS/RHEL; 10.8.0.0/24 is the default.
  • If your network interface is different, you may also need to replace eth0 with its name. Run ifconfig to check.
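
The three substitutions above can be derived instead of typed by hand. This is an added example, not part of the original page: it reads the `server` line from OpenVPN config text and the `dev` field from `ip -4 route show default` output, then prints the five rules. The function names and the sample values (ens3, 203.0.113.x) are constructed for illustration.

```shell
#!/bin/sh
# Convert a dotted netmask (255.255.255.0) to a prefix length (24).
mask_to_prefix() {
    prefix=0 partial=0 n=0
    for octet in $(printf '%s' "$1" | tr . ' '); do
        case $octet in
            255) bits=8 ;; 254) bits=7 ;; 252) bits=6 ;; 248) bits=5 ;;
            240) bits=4 ;; 224) bits=3 ;; 192) bits=2 ;; 128) bits=1 ;;
            0) bits=0 ;; *) return 1 ;;
        esac
        # After a non-255 octet, every later octet must be 0 (contiguous mask).
        if [ "$partial" -eq 1 ] && [ "$bits" -ne 0 ]; then return 1; fi
        if [ "$bits" -lt 8 ]; then partial=1; fi
        prefix=$((prefix + bits)); n=$((n + 1))
    done
    [ "$n" -eq 4 ] || return 1
    echo "$prefix"
}

# Read OpenVPN server config on stdin, print the VPN subnet in CIDR form.
vpn_subnet() {
    set -- $(awk '$1 == "server" { print $2, $3; exit }')
    [ $# -eq 2 ] || return 1
    prefix=$(mask_to_prefix "$2") || return 1
    echo "$1/$prefix"
}

# Read `ip -4 route show default` output on stdin, print the outbound interface.
default_iface() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Print the page's rules with subnet ($1), interface ($2) and server IP ($3) filled in.
emit_rules() {
    cat <<EOF
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s $1 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s $1 -o $2 -j MASQUERADE
iptables -t nat -A POSTROUTING -j SNAT --to-source $3
EOF
}

# Constructed sample inputs (not from the page) so the script runs offline.
subnet=$(printf 'port 1194\nserver 10.8.0.0 255.255.255.0\n' | vpn_subnet)
iface=$(printf 'default via 203.0.113.1 dev ens3 proto static\n' | default_iface)
emit_rules "$subnet" "$iface" 203.0.113.10
```

On a real server, feed it /etc/openvpn/server.conf and the output of `ip -4 route show default` in place of the samples, and review the printed rules before appending them to /etc/csf/csfpre.sh.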

Make sure the OpenVPN port is open on the TCP_IN line of the CSF config file, /etc/csf/csf.conf.
