OpenVPN with CSF firewall rules

We are big fans of OpenVPN when it comes to security. Many organizations have already switched to OpenVPN from PPTP and similar legacy protocols.

NixVPN is my favorite VPN software to host on a standalone instance. But what if you already have a server protected with the CSF firewall and you want to install OpenVPN yourself? You may run into issues such as enabling routing at the iptables level, because CSF flushes and rewrites the iptables rules every time it starts, so anything you add by hand is lost on the next restart.

If you have already configured OpenVPN and authentication is working fine, but you still don't have internet access once connected, try the steps below.

Enable IP forwarding

On CentOS / RHEL 6,

change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1 in /etc/sysctl.conf and run the below

sysctl -p

On CentOS / RHEL 7,

create a new file /etc/sysctl.d/openvpn.conf and add the below content to it,

net.ipv4.ip_forward = 1

then load it. Note that a plain sysctl -p only reads /etc/sysctl.conf, not the files in /etc/sysctl.d, so either point it at the new file or reload everything:

sysctl -p /etc/sysctl.d/openvpn.conf
systemctl restart systemd-sysctl.service

Either way, cat /proc/sys/net/ipv4/ip_forward must print 1 before you continue.


Adding firewall rules to the CSF
Note : If you are not using CSF, you can add the below rules directly to iptables.

vim /etc/csf/csfpost.sh and add the below contents to it. CSF runs this script after it has loaded its own rules on every start, which is why the rules belong here and not in a one-off iptables command.

Replace eth0 with your interface name.

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -o tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT

Two things to be aware of with this rule set. First, the MASQUERADE and FORWARD rules are not limited to the VPN subnet: the server will NAT and forward anything it routes out of eth0, and VPN clients can reach any network the server has a route to, not only the internet. If the box has a second interface or a private network behind it, add -s <your VPN subnet> (and -o eth0) to the FORWARD and POSTROUTING rules. Second, the blanket ACCEPT on -i tun+ and -o tun+ already covers the two RELATED,ESTABLISHED rules, so the last two lines only matter if you later tighten the first two.

Add +x permission to the file

chmod +x /etc/csf/csfpost.sh

Now disable and enable CSF to apply the rules.

csf -x && csf -e
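A tighter csfpost.sh that scopes every rule to the VPN subnet and is safe to run more than once, added here as an example and not the script from the original post. It assumes the WAN interface is eth0 and the OpenVPN client subnet is 10.8.0.0/24 (the default in the OpenVPN sample server.conf); change WAN_IF and VPN_NET if your setup differs. The forwarding_enabled helper and the $0 guard are also assumptions of this example, not CSF features.

```shell
#!/bin/sh
# /etc/csf/csfpost.sh -- CSF runs this after it has loaded its own rules,
# so anything added here survives every csf restart.
# Assumptions (not taken from the original post): the WAN interface is
# eth0, the OpenVPN client subnet is 10.8.0.0/24 (the default in the
# OpenVPN sample server.conf) and tunnel devices match tun+.
WAN_IF="${WAN_IF:-eth0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"

# Emit the rule set, one "-t <table> -A <chain> ..." line per rule.
# Every rule is scoped to the VPN subnet, so the server does not
# masquerade or forward traffic for any other network it may route.
vpn_rules() {
    wan="$1"
    net="$2"
    cat <<EOF
-t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE
-t filter -A INPUT -i tun+ -s $net -j ACCEPT
-t filter -A FORWARD -i tun+ -s $net -o $wan -j ACCEPT
-t filter -A FORWARD -i $wan -o tun+ -d $net -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Insert each rule only if "iptables -C" reports it is missing, so running
# the script twice (csf -r, a manual test) never stacks duplicate rules.
apply_rules() {
    vpn_rules "$WAN_IF" "$VPN_NET" | while read -r rule; do
        check=$(printf '%s\n' "$rule" | sed 's/ -A / -C /')
        # Word-splitting is intended: no rule argument contains a space.
        # shellcheck disable=SC2086
        iptables $check 2>/dev/null || iptables $rule
    done
}

# Return 0 when the kernel has IPv4 forwarding on. The optional path
# argument exists so the check can be pointed at a test file.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Only apply when CSF invokes this file as csfpost.sh; when sourced or
# run under another name, just define the functions for inspection.
if [ "${0##*/}" = "csfpost.sh" ]; then
    if ! forwarding_enabled; then
        echo "warning: net.ipv4.ip_forward is 0, VPN clients will not reach the internet" >&2
    fi
    apply_rules
fi
```

You can review what would be inserted without touching the firewall by sourcing the file and running vpn_rules eth0 10.8.0.0/24. The OpenVPN listening port itself is still opened the normal CSF way, through TCP_IN / UDP_IN in /etc/csf/csf.conf.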

Now re-connect your OpenVPN client and you should be able to access the internet. If it still fails, confirm that cat /proc/sys/net/ipv4/ip_forward prints 1 and that iptables -t nat -L POSTROUTING -n -v and iptables -L FORWARD -n -v still show your rules after CSF has restarted; if they are gone, csfpost.sh is not executable or was not picked up.

1 Comment
Wiredgorilla
1 year ago

Nice one, thanks!