To make CSF work with OpenVPN, you'll need to create extra iptables rules. We do that by adding them to csfpre.sh.
If the file does not exist, you can create it. If it already exists, you should append to it.
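```
# Allow return traffic for connections that are already established
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow forwarding from the VPN client subnet, reject everything else
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
# NAT VPN client traffic leaving through the public interface
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
# Rewrite the source of any other outbound traffic to the server address
iptables -t nat -A POSTROUTING -j SNAT --to-source 192.168.1.1
```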
- Replace 192.168.1.1 with your server IP address.
- You may need to replace 10.8.0.0/24 with the network you assigned to your OpenVPN server. On CentOS/RHEL this is typically set in /etc/openvpn/server.conf. 10.8.0.0/24 is the default.
- If your network interface is different, you may also need to replace eth0 with its name. Run ifconfig to check.
Make sure to open the OpenVPN port on the TCP_IN line of the CSF config file, /etc/csf/csf.conf.
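
The following is an added example, not part of the original page: a POSIX shell helper that renders the rules above from the three values the list says to substitute, validates each one, and appends the block to a file only once. The function names, the marker comment and the scratch file are assumptions of this example; pass the path of your own csfpre.sh to `append_once` when you use it.

```shell
# Added example: render the OpenVPN rules for csfpre.sh and append them once.
MARK='# openvpn-forwarding rules (marker used by this example)'

# True only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# True only for address/prefix with a valid address and a prefix in 0..32.
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    p=${1#*/}
    case "$p" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$p" -le 32 ]
}

# render_rules VPN_SUBNET INTERFACE SERVER_IP: print the rule block, or fail.
render_rules() {
    is_cidr "$1" || { echo "bad VPN subnet: $1" >&2; return 1; }
    case "$2" in ''|*[!A-Za-z0-9_.:-]*) echo "bad interface: $2" >&2; return 1 ;; esac
    is_ipv4 "$3" || { echo "bad server IP: $3" >&2; return 1; }
    cat <<EOF
$MARK
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s $1 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s $1 -o $2 -j MASQUERADE
iptables -t nat -A POSTROUTING -j SNAT --to-source $3
EOF
}

# append_once FILE VPN_SUBNET INTERFACE SERVER_IP: skip if the marker exists.
append_once() {
    [ -f "$1" ] && grep -qxF -e "$MARK" "$1" && return 0
    rules=$(render_rules "$2" "$3" "$4") || return 1
    printf '%s\n' "$rules" >> "$1"
}

# Demo on a scratch file with constructed values, not the live csfpre.sh.
demo=$(mktemp)
append_once "$demo" 10.8.0.0/24 eth0 192.168.1.1
append_once "$demo" 10.8.0.0/24 eth0 192.168.1.1   # no-op: marker present
cat "$demo"; rm -f "$demo"
```

Because the second call finds the marker line, rerunning the helper never duplicates the REJECT or NAT rules, and a malformed subnet, interface name or address is refused before anything is written.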