On 12/29/2017 3:59 AM, Wojciech Łysiak wrote:
First, check which zone your interface is in:
bash> firewall-cmd --get-active-zones
then all you have to do is add a service to the firewall
firewall-cmd --zone=<INSERT YOUR ZONE> --add-service=openvpn --permanent
assuming that your OpenVPN is running on the standard port 1194/tcp|udp.
If not, then modify the firewall-cmd rule and add your port/proto,
e.g.
firewall-cmd --zone=<INSERT YOUR ZONE> --add-port=11193/tcp
That opens the physical Ethernet interface to allow the raw SSL
connection from the client into the server. It doesn't open a connection
for the tunnel (tun0 interface) that's been created by the OpenVPN
service to forward packets to the internal LAN zone.
I tried adding the tun0 interface to the internal zone and firewall-cmd
told me tun0 was managed by NetworkManager. After that it didn't show
tun0 as a member of any zone.
# firewall-cmd --zone=internal --add-interface=tun0
The interface is under control of NetworkManager, setting zone to
'internal'.
success
# firewall-cmd --list-all-zones
(long list of zones, none of which have tun0 in their interfaces field)
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
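The thread above ends with a manual scan of firewall-cmd --list-all-zones to see whether tun0 landed in a zone. As an added example (not code from the thread or from firewalld), here is a small POSIX shell check that parses the output of firewall-cmd --get-active-zones and reports which active zone an interface belongs to, or "none"; the zone listing embedded below is constructed for the example, and the interface and zone names in it are illustrative.

```shell
#!/bin/sh
# Constructed sample of `firewall-cmd --get-active-zones` output (not captured
# from a real host): each zone name is followed by indented member lines.
SAMPLE_ACTIVE_ZONES='public
  interfaces: eth0 eth1
internal
  interfaces: tun0
  sources: 10.8.0.0/24'

# zone_of_iface ZONES_OUTPUT IFACE
# Prints the zone whose "interfaces:" line lists IFACE, or "none" when no
# active zone has it (the situation described for tun0 in the thread).
zone_of_iface() {
  printf '%s\n' "$1" | awk -v want="$2" '
    /^[^ \t]/ { zone = $1; next }           # unindented line = zone name
    /^[ \t]+interfaces:/ {                  # indented member list
      for (i = 2; i <= NF; i++)
        if ($i == want) { print zone; found = 1; exit }
    }
    END { if (!found) print "none" }'
}

# Live usage on a firewalld host (not run here):
#   zone_of_iface "$(firewall-cmd --get-active-zones)" tun0
# The result should agree with: firewall-cmd --get-zone-of-interface tun0
```

If the function prints "none" for tun0 after the --add-interface step, the assignment was handed off to NetworkManager rather than recorded by firewalld, which is exactly what the author observed.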