Hi Gang,
I'm hoping you guys can offer some tips or advice about setting up iptables for use with OpenVPN.
We have a hardware firewall which blocks all incoming traffic, except for port 1194 (udp) which is forwarded to our OpenVPN server (running Linux).
Our OpenVPN server is set up to require PKI (we used EasyRSA on an unconnected computer to generate the keys), TLS authentication/HMAC filter, and AES 256 bit cipher.
We're seeing strange IP addresses in the logs attempting to authenticate (and failing)... not being hammered, just one-off "pings" every 5 or 6 hours or thereabouts.
So I'd like to set up iptables properly on the server. I've already set it up to drop packets from all networks using the first two octets of the IP addresses we've seen so far.
The question I have is this: We have mobile staff who regularly connect to the VPN using mobile devices (i.e. mostly 4G). I don't know that much about the inner workings of 4G, but I assume that their IP addresses will be constantly changing. So the question is: How do we write rules which will allow them to connect and block the rest of the world?
I'd greatly appreciate any pointers.
Happy Friday & have a nice weekend!
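One way to approach the question in the post above, as an added example that is not from the original poster or from the OpenVPN project: since the mobile clients' source addresses change, the ruleset cannot pin them to IPs. What separates staff from the rest of the world is OpenVPN's own tls-auth HMAC check (packets without a valid HMAC are discarded before any TLS handshake) and the client certificate; iptables then only bounds the exposure of UDP/1194, drops everything else that the hardware firewall might still pass, and rate-limits how fast any single source may start new flows so scanner noise stays small. The script generates an iptables-restore ruleset and applies it only when called with `apply`. The interface names (`eth0`, `tun0`) and subnets (`10.8.0.0/24`, `192.168.1.0/24`) are placeholders I assumed; substitute your own.

```shell
#!/bin/sh
# Added example (not from the original post): build an iptables-restore
# ruleset for a Linux OpenVPN server reachable on UDP/1194 from anywhere.
# Assumed placeholders, adjust to the host: WAN interface, tunnel interface,
# VPN client subnet and the LAN the clients may reach.
WAN_IF="${WAN_IF:-eth0}"
TUN_IF="${TUN_IF:-tun0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Print the ruleset. Every rule sits on one line because iptables-restore
# does not accept backslash continuations.
gen_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, plus replies to flows conntrack already knows about.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# OpenVPN: any source may start a new UDP flow, but each source address is
# held to 6 new flows per minute (burst 10). Real clients reconnect far less
# often; only the first packet of a flow is NEW, so established tunnels are
# not throttled. The tls-auth HMAC and the client certificate decide who gets in.
-A INPUT -i $WAN_IF -p udp --dport 1194 -m conntrack --ctstate NEW -m hashlimit --hashlimit-name ovpn-new --hashlimit-mode srcip --hashlimit-upto 6/minute --hashlimit-burst 10 -j ACCEPT
-A INPUT -i $WAN_IF -p udp --dport 1194 -j DROP
# Only authenticated clients ever appear on the tunnel interface.
-A INPUT -i $TUN_IF -s $VPN_NET -j ACCEPT
# Tunnel clients may reach the LAN; return traffic rides on conntrack state.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $TUN_IF -s $VPN_NET -d $LAN_NET -j ACCEPT
# Whatever else reaches INPUT is dropped by the chain policy; log a trickle
# of it so the one-off probes stay visible in syslog without flooding it.
-A INPUT -m limit --limit 3/minute -j LOG --log-prefix "iptables-drop: "
COMMIT
EOF
}

# Number of generated rule lines containing a given string (self-check helper).
count_rules() {
  gen_rules | grep -c -- "$1"
}

# Running the script with no argument only prints the ruleset for review;
# "apply" loads it atomically with iptables-restore.
if [ "${1:-}" = "apply" ]; then
  gen_rules | iptables-restore
else
  gen_rules
fi
```

Review the printed output first (`sh ovpn-rules.sh`), then load it with `sh ovpn-rules.sh apply`; because iptables-restore replaces the filter table in one step, a typo fails the whole load rather than leaving a half-applied ruleset. If the OpenVPN server is also the LAN's gateway you will additionally need the usual NAT or routing for the VPN subnet, which this example leaves out.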