cpsrvd failure, iptables and openvpn

Discussion in 'General Discussion' started by dzseti, Jan 10, 2013.

  1. dzseti

    Have just installed openvpn on CentOS 6.3 and now the cpsrvd stops and fails to restart. I'm fairly sure that the issue relates to iptables, because when I restart csf my iptables modifications are cleared and the problem goes away. Or when I reissue the iptables commands the problem returns.

    For installing openvpn I followed this: https://safesrv.net/install-openvpn-on-centos/


    And the iptables commands which seem to be the cause are:

    iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
    iptables -A FORWARD -j REJECT
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    iptables -t nat -A POSTROUTING -j SNAT --to-source 123.123.123.123

    (with 123.123.123.123 changed to my own ip)

    Any ideas on what could be the problem ... and how to fix it?
     
  2. dzseti

    Within a few hours of posting have managed to solve with another set of iptables commands found here: OpenVPN with CSF firewall « Unix & Linux

    Changed the above set to the ones found here (method 1):

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT

    The openvpn server functions just as before with these settings AND I immediately got a message saying that cpsrvd had recovered itself.

    I hope I haven't opened a big security issue with this - I need to check - but at least this is a solution for the meantime.

    ... maybe this helps somebody else ...
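
An added example, not part of the original posts: a small Python check that reads iptables commands like the two sets above and flags rules that match on nothing specific, as one way to do the check the second post mentions. The two heuristics and the option groups are assumptions of this example, not a diagnosis of the failure described in the first post.

```python
import shlex
# Constructed input: the two rule sets quoted in the posts above.
FIRST_SET = """\
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -j SNAT --to-source 123.123.123.123
"""
SECOND_SET = """\
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
"""
# Heuristic option groups (assumptions of this example, not from the thread).
ADDRESS_OPTS = {"-s", "--source", "-d", "--destination"}
IFACE_OPTS = {"-i", "--in-interface", "-o", "--out-interface"}
STATE_OPTS = {"--state", "--ctstate"}

def parse_rule(line):
    """Return (table, chain, target, options) for one 'iptables -A ...' line."""
    tokens = shlex.split(line)
    def value_after(flags, default=None):
        for flag in flags:
            if flag in tokens[:-1]:
                return tokens[tokens.index(flag) + 1]
        return default
    table = value_after(("-t", "--table"), "filter")
    chain = value_after(("-A", "--append"))
    target = value_after(("-j", "--jump"))
    return table, chain, target, {t for t in tokens if t.startswith("-")}

def audit(rules_text):
    """Return (rule, reason) pairs for rules that match on nothing specific."""
    findings = []
    for line in rules_text.splitlines():
        table, chain, target, opts = parse_rule(line)
        if (table, chain) == ("nat", "POSTROUTING") and target in ("SNAT", "MASQUERADE"):
            if not opts & (ADDRESS_OPTS | IFACE_OPTS):
                findings.append((line, "source NAT with no address or interface match"))
        elif (table, chain, target) == ("filter", "FORWARD", "ACCEPT"):
            if not opts & (ADDRESS_OPTS | STATE_OPTS):
                findings.append((line, "FORWARD ACCEPT with no address or state match"))
    return findings

if __name__ == "__main__":
    for name, rules in (("first set", FIRST_SET), ("second set", SECOND_SET)):
        for rule, reason in audit(rules):
            print(f"{name}: {rule}\n    -> {reason}")
```

A finding is a prompt to add a match such as `-s 10.8.0.0/24` or `-m state --state RELATED,ESTABLISHED`, both of which already appear in the rule sets above.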
     