LinuxQuestions.org
Old 08-15-2018, 08:58 AM   #1
gondola
LQ Newbie
 
Registered: Aug 2018
Posts: 3

Rep: Reputation: Disabled
Iptables rules for connection to an openvpn server


Hello,

I am having trouble connecting to my openvpn server from my desktop. I am not proficient in iptables at all, but I have managed to set up a simple iptables ruleset. The default policy is DROP and the rules included are:

sudo iptables -A INPUT -i enp2s0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i enp2s0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i enp2s0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i enp2s0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -p udp -i enp2s0 --sport 53 -j ACCEPT
sudo iptables -A INPUT -p udp -i enp2s0 --sport 53 -j ACCEPT

sudo iptables -A OUTPUT -o enp2s0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -o enp2s0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -o enp2s0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -o enp2s0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
sudo iptables -A OUTPUT -p udp -o enp2s0 --dport 53 -j ACCEPT
sudo iptables -A OUTPUT -p udp -o enp2s0 --dport 53 -j ACCEPT

Can someone please help me get my openvpn connection through my firewall?

Thanks in advance
 
Old 08-16-2018, 12:42 PM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by gondola
Hello,

I am having trouble connecting to my openvpn server from my desktop.
Welcome to LQ!
"Server" where? Is it "remote" from your current computer/host/current_desktop?
Not on the same machine, is it?

Any research you have done? What does the openvpn documentation indicate the next action is?

Do you understand the client-server model?
 
Old 08-17-2018, 12:26 PM   #3
smaclennan
Member
 
Registered: May 2010
Location: Ottawa, Canada
Distribution: slackware
Posts: 37
Blog Entries: 2

Rep: Reputation: 13
Those rules seem to have nothing to do with openvpn. By default, openvpn uses port 1194 and is usually udp.

Where did you get the firewall rules from?
 
Old 08-18-2018, 06:42 AM   #4
gondola
LQ Newbie
 
Registered: Aug 2018
Posts: 3

Original Poster
Rep: Reputation: Disabled
It seems I have not explained myself very well in my opening post. So let's try it again. I am trying to connect from my desktop (client) to a vpn provider (protonvpn). The rules listed above are my iptables rules. Because my default policy is DROP, I cannot connect to my vpn provider. I am looking for a set of rules that lets my computer connect to my vpn provider. As of now iptables blocks this (as I have not yet added rules to allow this). But as I stated above, I am not very proficient in iptables, so I am looking for some help. I have looked extensively but I cannot find it. So can someone help me put a set of rules together that will allow my firewall to connect to my vpn provider?
 
Old 08-18-2018, 02:02 PM   #5
smaclennan
Member
 
Registered: May 2010
Location: Ottawa, Canada
Distribution: slackware
Posts: 37
Blog Entries: 2

Rep: Reputation: 13
I am going to assume they are using port 1194 and that you chose udp....

sudo iptables -A INPUT -i enp2s0 -p udp --sport 1194 -m state --state ESTABLISHED -j ACCEPT

sudo iptables -A OUTPUT -o enp2s0 -p udp --dport 1194 -m state --state NEW,ESTABLISHED -j ACCEPT
 
Old 08-18-2018, 03:36 PM   #6
smaclennan
Member
 
Registered: May 2010
Location: Ottawa, Canada
Distribution: slackware
Posts: 37
Blog Entries: 2

Rep: Reputation: 13
I am still interested in where the original rules came from. What distro are you using? Did the rules come with the distro?
 
Old 08-21-2018, 05:53 AM   #7
gondola
LQ Newbie
 
Registered: Aug 2018
Posts: 3

Original Poster
Rep: Reputation: Disabled
I am currently using Debian as my default distro. I got the rules from the internet and from a course I am taking on cybersecurity. It introduced me to iptables, but I am not really proficient in it yet.
 
Old 08-22-2018, 08:36 PM   #8
smaclennan
Member
 
Registered: May 2010
Location: Ottawa, Canada
Distribution: slackware
Posts: 37
Blog Entries: 2

Rep: Reputation: 13
Quote:
Originally Posted by gondola
I am currently using Debian as my default distro. I got the rules from the internet and from a course I am taking on cybersecurity. It introduced me to iptables, but I am not really proficient in it yet.
Fair enough. IMHO, the rules seem very inefficient. Generally, I would just allow all established connections. Simple and efficient. I also don't understand a default drop policy on output for normal computers. Generally, you trust yourself.

But I am not a security expert... I no longer even play one in real life.
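
Added example, not part of the thread and not any poster's code: a shell function that prints an iptables-restore ruleset combining the port 1194 rule from post #5 with the "allow all established connections" suggestion from post #8, while keeping the original default-DROP policies. The tunnel device name tun0, the function name and the choice to emit no inbound NEW rules are assumptions; interface, protocol and port are parameters.

```shell
#!/bin/sh
# Added example (not from the thread). Prints an iptables-restore ruleset for an
# OpenVPN *client* that keeps default-DROP policies. Assumed: tunnel device tun0.
# Usage: vpn_client_rules WAN_IF PROTO PORT [TUN_IF]
vpn_client_rules() {
    wan_if=$1 proto=$2 port=$3 tun_if=${4:-tun0}

    # Accept only plain interface names, udp/tcp and a numeric port, so the
    # generated ruleset can never contain injected rule text.
    for ifname in "$wan_if" "$tun_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    case $proto in
        udp|tcp) ;;
        *) echo "protocol must be udp or tcp" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT DROP [0:0]'
    # Loopback, then one rule per direction for replies to anything this host
    # started (the "allow all established" suggestion from post #8).
    printf '%s\n' '-A INPUT -i lo -j ACCEPT' '-A OUTPUT -o lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # The tunnel itself leaves through the physical NIC (rule from post #5).
    printf '%s\n' "-A OUTPUT -o $wan_if -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    # The original outbound allowances, repeated for the tunnel device: rules
    # pinned to "-o $wan_if" do not match traffic routed into $tun_if.
    for ifname in "$wan_if" "$tun_if"; do
        printf '%s\n' "-A OUTPUT -o $ifname -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
        printf '%s\n' "-A OUTPUT -o $ifname -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' '-A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT' 'COMMIT'
}

# Print the ruleset when run with arguments, e.g. ./rules.sh enp2s0 udp 1194
[ $# -eq 0 ] || vpn_client_rules "$@"
```

Piping the output to `iptables-restore --test` as root parses the ruleset without committing it.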
 