I am trying to set up a VPN server (strongSwan) and allow remote users to access services like redis, nginx, mongodb etc. via VPN only – users should not have access to the Internet via VPN.
I'm able to connect to the VPN server and send pings (iptables is allowing that), but I can't separate the Internet (my public IP) and the VPN network (10.10.10.0/24).
When I open port 8080 I can access the service via VPN, but it is also visible from my public IP.
My question is, how do I set up iptables to allow VPN users to access services on the server but block other users from the Internet?
#ipsec.conf - left
left=#myPublicIP
leftid=@mydomain.com
leftsubnet=#myPublicIP/32
leftfirewall=yes
lefthostaccess=yes
Best Answer
You need to add the commands that you're using to configure iptables to allow ports, because I think that you're missing some important options. For example, if the VPN interface is named tap0, to open a port only for VPN clients you can use this form of command with iptables (pay attention to each parameter, especially -A, and the order of rules, which is very important on iptables):
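One way to express the rule order the answer is talking about, as an added example that is not part of the question or the answer: a script that generates an iptables-restore ruleset exposing the service ports only to IPsec clients from the 10.10.10.0/24 pool and refusing them from the public IP. Assumed (not from the page): the service ports 8080, 6379, 80 and 27017, admin SSH on tcp/22, and that clients get addresses from the pool; because strongSwan IPsec creates no tap0/tun0 interface, decrypted client packets are matched with `-m policy --dir in --pol ipsec` instead of `-i tap0`.

```shell
# Added example, not from the question or the answer above. Builds an
# iptables-restore ruleset: service ports reachable only through the IPsec
# tunnel from the VPN pool, refused from the Internet, no forwarding.
# Assumed values: pool 10.10.10.0/24 (from the question); service ports
# 8080, 6379 (redis), 80 (nginx), 27017 (mongodb); admin SSH on tcp/22.
# strongSwan IPsec creates no tap0/tun0: decrypted client packets arrive on
# the public interface, so they are matched with -m policy --pol ipsec.

VPN_POOL="${VPN_POOL:-10.10.10.0/24}"
VPN_PORTS="${VPN_PORTS:-8080,6379,80,27017}"
ADMIN_PORT="${ADMIN_PORT:-22}"

# Print the ruleset in the order iptables will evaluate it.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# admin access stays open so the DROP policy does not lock you out
-A INPUT -p tcp --dport $ADMIN_PORT -j ACCEPT
# IKE, NAT-T and ESP must be reachable from the Internet or nobody can connect
-A INPUT -p udp --dport 500 -j ACCEPT
-A INPUT -p udp --dport 4500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
# services: only from the pool AND only if the packet was decrypted by IPsec
-A INPUT -s $VPN_POOL -m policy --dir in --pol ipsec -p tcp -m multiport --dports $VPN_PORTS -j ACCEPT
# the same ports from anywhere else (e.g. the public IP) are refused
-A INPUT -p tcp -m multiport --dports $VPN_PORTS -j REJECT --reject-with tcp-reset
# FORWARD DROP and no MASQUERADE: clients cannot reach the Internet via the VPN
COMMIT
EOF
}

# Load atomically (root required); "apply_rules --test" only checks the syntax.
apply_rules() {
    gen_rules | iptables-restore "$@"
}

# Self-check: the VPN ACCEPT rule must precede the public REJECT rule.
rule_order_ok() {
    out=$(gen_rules)
    accept=$(printf '%s\n' "$out" | grep -n -- '--pol ipsec' | cut -d: -f1)
    reject=$(printf '%s\n' "$out" | grep -n -- '-j REJECT' | cut -d: -f1)
    [ -n "$accept" ] && [ -n "$reject" ] && [ "$accept" -lt "$reject" ]
}
```

With leftfirewall=yes and lefthostaccess=yes, strongSwan's _updown script inserts its own ACCEPT rules at the top of INPUT/OUTPUT/FORWARD whenever a client connects, so check the effective order with `iptables -S` while a client is up and confirm from an outside host that 8080 is now refused on the public IP.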