To make CSF work with OpenVPN, you’ll need to create extra iptables rules. We do that by adding them to csfpre.sh.
nano /etc/csf/csfpre.sh
If the file does not exist, you can create it. If it already exists, you should append to it.
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -j SNAT --to-source 192.168.1.1
- Replace 192.168.1.1 with your server IP address.
- You may need to replace 10.8.0.0/24 with the address range you assigned to OpenVPN. On CentOS/RHEL it is typically set in /etc/openvpn/server.conf. 10.8.0.0/24 is the default.
- If your network interface is different, you may also need to replace eth0 with another. Run ifconfig to check.
Make sure to open the OpenVPN port on the TCP_IN line of the CSF config file /etc/csf/csf.conf.
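To confirm the port step took effect, the following added example (not part of the original page or of CSF) reads the `proto` and `port` lines from an OpenVPN server.conf and checks the matching CSF list: TCP_IN for a TCP listener, UDP_IN for UDP, which is OpenVPN's default. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: does csf.conf open the port OpenVPN actually listens on?

# Print "proto port" from an OpenVPN server.conf (OpenVPN defaults: udp 1194).
ovpn_listener() {
    awk '$1 == "proto" { proto = $2 }
         $1 == "port"  { port = $2 }
         END { if (proto == "") proto = "udp"
               if (port == "") port = "1194"
               sub(/-server$/, "", proto)   # tcp-server becomes tcp
               sub(/[46]$/, "", proto)      # udp4, tcp6 become udp, tcp
               print proto, port }' "$1"
}

# Succeed if port $3 is listed in CSF setting $2 (TCP_IN or UDP_IN) of file $1.
# CSF lists are comma separated; ranges are written start:end.
csf_port_open() {
    list=$(sed -n "s/^$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1")
    found=1
    old_ifs=$IFS; IFS=,
    for entry in $list; do
        case $entry in
            *:*) [ "$3" -ge "${entry%%:*}" ] && [ "$3" -le "${entry##*:}" ] && found=0 ;;
            *)   [ "$entry" = "$3" ] && found=0 ;;
        esac
    done
    IFS=$old_ifs
    return "$found"
}

# Name the CSF list that must carry the OpenVPN port and say whether it does.
check_csf_openvpn() {   # $1 = server.conf, $2 = csf.conf
    listener=$(ovpn_listener "$1")
    proto=${listener% *}; port=${listener#* }
    case $proto in tcp) key=TCP_IN ;; *) key=UDP_IN ;; esac
    if csf_port_open "$2" "$key" "$port"; then
        echo "OK: $port/$proto is in $key"
    else
        echo "MISSING: add $port to $key in $2"; return 1
    fi
}

# Constructed sample files, so the check can be tried without touching /etc.
tmp=$(mktemp -d)
printf 'port 1194\nproto udp\nserver 10.8.0.0 255.255.255.0\n' > "$tmp/server.conf"
printf 'TCP_IN = "22,80,443,1194"\nUDP_IN = "53,30000:35000"\n' > "$tmp/csf.conf"
check_csf_openvpn "$tmp/server.conf" "$tmp/csf.conf" || true
rm -rf "$tmp"
```

On a real server, call `check_csf_openvpn /etc/openvpn/server.conf /etc/csf/csf.conf` after editing csf.conf and before restarting CSF.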