AWAITING FEEDBACK RasPi OpenVPN - settings for iptables?

AndyInNYC

Active Member
Joined
May 23, 2013
Messages
772
Reaction score
124
I'm experimenting with running the RasPi (latest and greatest software) with OpenVPN running alongside.

I have the PBX configured (check)
I have OpenVPN installed and running (check)

Can't connect.

So, two possible problems. Either my router is dropping packets destined for the Pi or the Pi is dropping packets which have been shipped to it.

The Pi is 192.168.40.210 on the network. I'm using UDP and port 1190. Port 1194 is being used for the OpenVPN configured on the router. I don't want to use the current (router) OpenVPN because I want to see if the phones will register directly to the Pi and work via OpenVPN.

So, on my router (OpenWRT) I have the following lines in firewall.user:

Code:
iptables -I FORWARD 1 -d 192.168.40.210 -p udp --dport 1190 -j ACCEPT
iptables -t nat -A PREROUTING -p udp --dport 1190 -j DNAT --to 192.168.40.210:1190

This should (hah!) forward to the Pi.
Edit: This does allow traffic to the Pi. I disabled iptables on the Pi and the OpenVPN client connected!!!!!!

What lines do I want on the Pi's iptables (/etc/network/iptables (?))? to allow traffic in and out from port 1190, etc.?

The Pi has TM3 installed.

I'm using the Pi as a testbed. When this works, I will install OpenVPN on my office PBX (in the basement) to allow iPhone VPN/softphone connections.

Thanks. I'm getting close, but in over my head.

Andrew
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,202
Reaction score
5,224
Do you have UDP 1190 opened in IPtables on the RasPi??

You could also disable IPtables on the RasPi momentarily to see if it works. Then you'll know whether it's a RasPi firewall problem: service iptables stop
 

AndyInNYC

What is the right command to open the port on the Pi?

Do I need to NAT, etc. since I don't need other machines on the network?

Thanks.

Andrew
 

wardmundy

/root/add-ip openvpn 192.168.40.210 (choose 0 option to open all ports)

If that works, we can tighten it up later.
 

AndyInNYC

Ward,

Thanks for the last note; as I stated in the edit above, if I turn iptables off, the iPhone will connect to the VPN. I'm interested in having just port 1190 open for the VPN on the Pi. I'm not sure if I need NAT, masquerade, blah blah from the list of available options.

Any pointers for the line or two which will allow this? I haven't the faintest idea of what half of the line doing the port forwarding does - I haven't a prayer of guessing what I need to do on the Pi <g>.

Andrew
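
An added example, not part of the thread or any poster's code: one way to generate the Pi-side rules being asked about, using UDP port 1190 from the thread. Because the VPN traffic terminates on the Pi itself, it emits only filter-table INPUT rules and no NAT or masquerade rules. The function names and the optional tunnel interface name (tun0) are assumptions, and where the Pi persists its rules is left open, as in the thread.

```shell
#!/bin/sh
# Added example: host-firewall rules for an OpenVPN server running on the Pi.
# 1190/udp comes from the thread; tun0 and the function names are assumptions.

# Print rule specs (chain + match + target), one per line, after validation.
vpn_rule_specs() {
    port=$1; proto=${2:-udp}; tun=${3:-}
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if ! { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } 2>/dev/null; then
        echo "port out of range: $port" >&2; return 1
    fi
    case $proto in
        udp|tcp) ;;
        *) echo "bad proto: $proto" >&2; return 1 ;;
    esac
    # Let client packets reach the OpenVPN daemon listening on this host.
    echo "INPUT -p $proto --dport $port -j ACCEPT"
    # Optional: accept what arrives through the tunnel (e.g. phones registering).
    if [ -n "$tun" ]; then
        echo "INPUT -i $tun -j ACCEPT"
    fi
}

# Dry run by default: print the commands. APPLY=1 (as root) inserts each rule.
vpn_open() {
    specs=$(vpn_rule_specs "$@") || return 1
    echo "$specs" | while IFS= read -r spec; do
        if [ "${APPLY:-0}" = 1 ]; then
            # -C checks for an identical rule so reruns do not stack duplicates;
            # -I inserts at the top, ahead of any catch-all DROP/REJECT rule.
            # shellcheck disable=SC2086
            iptables -C $spec 2>/dev/null || iptables -I $spec
        else
            echo "iptables -I $spec"
        fi
    done
}

# Dry run with the port and protocol used in the thread.
vpn_open 1190 udp
```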
 
