Site-to-Site VPN Firewall Rules

When adjusting settings for a site-to-site VPN, don’t forget to update the firewall rules. Make sure the appropriate subnets for your networks are covered.

In /etc/ufw/before.rules:

# OpenVPN Rules
*nat
:POSTROUTING ACCEPT [0:0]
# NAT (masquerade) traffic from the OpenVPN client subnets leaving via ens32
-A POSTROUTING -s 192.168.52.0/24 -o ens32 -j MASQUERADE
-A POSTROUTING -s 172.22.1.0/24 -o ens32 -j MASQUERADE
COMMIT
# End OpenVPN Rules
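
As an added example (not part of the original post), this Python sketch parses the *nat section of a before.rules file and reports which required subnets have no covering MASQUERADE rule on the outbound interface. The function names and the 10.8.0.0/24 subnet are assumptions made for illustration; the sample rules are a constructed copy of the block above.

```python
import ipaddress

# Constructed sample: the *nat block from this page as it would sit in
# /etc/ufw/before.rules, followed by a stub *filter table.
SAMPLE_RULES = """\
# OpenVPN Rules
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.52.0/24 -o ens32 -j MASQUERADE
-A POSTROUTING -s 172.22.1.0/24 -o ens32 -j MASQUERADE
COMMIT
# End OpenVPN Rules
*filter
:ufw-before-input - [0:0]
COMMIT
"""

def masquerade_sources(rules_text, out_iface):
    """Return source networks masqueraded out of out_iface in the *nat table."""
    nets, table = [], None
    for raw in rules_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            table = line[1:]          # entering a table, e.g. *nat
        elif line == "COMMIT":
            table = None              # leaving the current table
        elif table == "nat" and line.startswith("-A POSTROUTING"):
            # Simplification: assumes plain "flag value" pairs, no "!" negation.
            tok = line.split()
            opts = dict(zip(tok[2::2], tok[3::2]))
            if opts.get("-j") == "MASQUERADE" and opts.get("-o") == out_iface and "-s" in opts:
                nets.append(ipaddress.ip_network(opts["-s"], strict=False))
    return nets

def uncovered_subnets(rules_text, out_iface, required):
    """List required subnets that no MASQUERADE rule's source range contains."""
    have = masquerade_sources(rules_text, out_iface)
    missing = []
    for cidr in required:
        need = ipaddress.ip_network(cidr)
        if not any(need.version == h.version and need.subnet_of(h) for h in have):
            missing.append(cidr)
    return missing

if __name__ == "__main__":
    # 10.8.0.0/24 is a hypothetical extra site subnet with no rule yet.
    wanted = ["192.168.52.0/24", "172.22.1.0/24", "10.8.0.0/24"]
    print(uncovered_subnets(SAMPLE_RULES, "ens32", wanted))
```

To check a live host, pass the contents of /etc/ufw/before.rules instead of the sample string, together with the list of subnets on both sides of the tunnel.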
