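configure
# OpenVPN is bound to TCP/443 further down, so move the web GUI's HTTPS
# listener to 8443 first to avoid a port collision.
# Fix: the original read "serivce", which is not a valid configuration
# node and would be rejected before commit.
set service gui https-port 8443
commit
save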
# Allow the GUI ports (80, 443 and the new 8443) from the LAN to the router
# itself, in both the IPv4 (lan-local) and IPv6 (lan-local-6) local rulesets.
# NOTE(review): only `destination port` is set on rule 200; if the rule does
# not already exist with an action and protocol, confirm the commit accepts
# it before relying on this.
configure
set firewall name lan-local rule 200 destination port 80,443,8443
set firewall ipv6-name lan-local-6 rule 200 destination port 80,443,8443
commit
save
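configure
# OpenVPN server on vtun0, listening on TCP/443 (tcp-passive = server side).
edit interfaces openvpn vtun0
set description openvpn
set mode server
set local-port 443
set protocol tcp-passive
# Client address pool and the office LAN route pushed to clients.
set server subnet 192.168.200.0/24
set server topology subnet
set server push-route 192.168.2.0/24
set tls ca-cert-file /config/auth/cacert.pem
set tls cert-file /config/auth/server.pem
set tls dh-file /config/auth/dhp.pem
set tls key-file /config/auth/server.key
# NOTE(review): no CRL (`tls crl-file`) is configured here, so a lost or
# compromised client certificate cannot be revoked without replacing the
# CA; confirm whether revocation is needed before exposing this to the WAN.
# Fix: the original moved straight to `edit firewall ...` while still inside
# the vtun0 node, which resolves the path relative to the interface; return
# to the top level first.
top
# WAN to local: an explicit wan-local rule is needed to accept inbound
# TCP/443 for OpenVPN. Everything else from the WAN to the router is dropped
# and logged by the default action.
edit firewall name wan-local
set default-action drop
set enable-default-log
set rule 1 action accept
set rule 1 state established enable
set rule 1 state related enable
set rule 2 action drop
set rule 2 log enable
set rule 2 state invalid enable
# Accepts TCP/443 from any source; authentication is left to OpenVPN's TLS.
set rule 50 action accept
set rule 50 description "Allow OpenVPN connections"
set rule 50 destination port 443
set rule 50 protocol tcp
top
# Same for IPv6; rule 100 additionally accepts ICMPv6 (presumably so that
# neighbor discovery and path-MTU discovery keep working — confirm intent).
edit firewall ipv6-name wan-local-6
set default-action drop
set enable-default-log
set rule 1 action accept
set rule 1 state established enable
set rule 1 state related enable
set rule 2 action drop
set rule 2 log enable
set rule 2 state invalid enable
set rule 50 action accept
set rule 50 description "Allow OpenVPN connections"
set rule 50 destination port 443
set rule 50 protocol tcp
set rule 100 action accept
set rule 100 protocol ipv6-icmp
top
# Local zone: apply the two wan-local rulesets to WAN -> router traffic.
# NOTE(review): no `from VPN` entry is added to the local zone in this
# snippet, so VPN clients are not given access to services on the router
# itself (e.g. DNS forwarding); add one if that is required.
edit zone-policy zone local
set from WAN firewall name wan-local
set from WAN firewall ipv6-name wan-local-6
top
# VPN to office LAN: all traffic is allowed, i.e. VPN clients get
# unrestricted access to the LAN.
# NOTE(review): the `allow-all` / `allow-all-6` rulesets and the WAN and LAN
# zones are referenced but not defined in this snippet; they must exist
# before this commit will succeed.
edit zone-policy zone LAN
set from VPN firewall name allow-all
set from VPN firewall ipv6-name allow-all-6
top
# VPN zone: bound to vtun0, default drop for traffic from undefined zones.
edit zone-policy zone VPN
set default-action drop
set interface vtun0
# LAN to VPN: all traffic is allowed.
set from LAN firewall name allow-all
set from LAN firewall ipv6-name allow-all-6
top
# Fix: the original ended without committing; without these two lines none
# of the above is applied, and nothing is persisted across a reboot.
commit
save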