cpsrvd failure, iptables and openvpn

dzseti

Registered
Jan 10, 2013
3
0
1
cPanel Access Level
Root Administrator
Have just installed OpenVPN on CentOS 6.3 and now cpsrvd stops and fails to restart. I'm fairly sure that the issue relates to iptables, because when I restart csf my iptables modifications are cleared and the problem goes away, and when I reissue the iptables commands the problem returns.

For installing openvpn I followed this: https://safesrv.net/install-openvpn-on-centos/


And the iptables commands which seem to be the cause are:

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -j SNAT --to-source 123.123.123.123

(with 123.123.123.123 changed to my own IP)

Any ideas on what could be the problem ... and how to fix it?
 

dzseti

Within a few hours of posting I have managed to solve this with another set of iptables commands found here: OpenVPN with CSF firewall « Unix & Linux

Changed the above set to the ones found here (method 1):

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT

The OpenVPN server functions just as before with these settings AND I immediately got a message saying that cpsrvd had recovered itself.

I hope I haven't opened a big security issue with this - I need to check - but at least this is a solution for the meantime.

... maybe this helps somebody else ...
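
A small checker, added here as an example (it is not part of the thread, CSF or cPanel), that flags the two broad patterns visible in the rule sets above: a POSTROUTING NAT rule with no match criteria, and a FORWARD ACCEPT from the public interface with no state match. The function names are hypothetical, eth0 as the public interface is taken from the posts, and tightened_set is a constructed suggestion rather than something the thread tested.

```shell
# Added example: audit iptables commands for two overly broad patterns.
# Usage: audit_rules PUBLIC_IF < rules.txt   (one "iptables ..." command per line)
audit_rules() {
    pub="${1:-eth0}"
    while IFS= read -r rule; do
        r=" $rule "   # pad so options match at either end of the line
        case "$r" in
        *" -A POSTROUTING "*)
            # No -s/-d/-o match: the rule rewrites every packet that passes
            # POSTROUTING, not only traffic from the VPN subnet.
            case "$r" in
                *" -s "*|*" -d "*|*" -o "*) ;;
                *) echo "UNSCOPED_NAT: $rule" ;;
            esac ;;
        *" -A FORWARD "*)
            # ACCEPT from the public interface with no state match admits
            # NEW connections toward VPN clients, not just replies.
            case "$r" in *" -i $pub "*) ;; *) continue ;; esac
            case "$r" in *" -j ACCEPT "*) ;; *) continue ;; esac
            case "$r" in
                *" --state "*|*" --ctstate "*) ;;
                *) echo "BROAD_FORWARD: $rule" ;;
            esac ;;
        esac
    done
}
# Rule sets copied from the two posts above.
first_set() { cat <<'EOF'
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -j SNAT --to-source 123.123.123.123
EOF
}
second_set() { cat <<'EOF'
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
EOF
}
# Constructed tighter variant (assumption): inbound forwarding limited to replies.
tightened_set() { cat <<'EOF'
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}
```

Running `second_set | audit_rules eth0` prints the one rule in the second post that accepts new inbound connections toward tun0; `tightened_set | audit_rules eth0` prints nothing.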