diff options
author | usman-umer <unumer@hotmail.com> | 2021-07-31 20:06:24 +0100 |
---|---|---|
committer | usman-umer <unumer@hotmail.com> | 2021-07-31 20:06:24 +0100 |
commit | b4e43503bfbcf7c561a82c85163123569895af08 (patch) | |
tree | b3009c63a74b07112c6e900452e38c00dc971e90 /docs | |
parent | 54afd51b3a01c7282dbff16b0f9bddab3dce4051 (diff) | |
download | vyos-documentation-b4e43503bfbcf7c561a82c85163123569895af08.tar.gz vyos-documentation-b4e43503bfbcf7c561a82c85163123569895af08.zip |
added instructions for firewall exception for equuleus branch
Diffstat (limited to 'docs')
-rw-r--r-- | docs/configuration/interfaces/openvpn.rst | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/docs/configuration/interfaces/openvpn.rst b/docs/configuration/interfaces/openvpn.rst index 644906e1..9fb26933 100644 --- a/docs/configuration/interfaces/openvpn.rst +++ b/docs/configuration/interfaces/openvpn.rst @@ -130,6 +130,33 @@ Remote Configuration - Annotated: set interfaces openvpn vtun1 local-address '10.255.1.2' # Local IP of vtun interface set interfaces openvpn vtun1 remote-address '10.255.1.1' # Remote IP of vtun interface +******************* +Firewall Exceptions +******************* + +For the WireGuard traffic to pass through the WAN interface, you must create a +firewall exception. + +.. code-block:: none + + set firewall name OUTSIDE_LOCAL rule 10 action accept + set firewall name OUTSIDE_LOCAL rule 10 description 'Allow established/related' + set firewall name OUTSIDE_LOCAL rule 10 state established enable + set firewall name OUTSIDE_LOCAL rule 10 state related enable + set firewall name OUTSIDE_LOCAL rule 20 action accept + set firewall name OUTSIDE_LOCAL rule 20 description OpenVPN_IN + set firewall name OUTSIDE_LOCAL rule 20 destination port 1195 + set firewall name OUTSIDE_LOCAL rule 20 log enable + set firewall name OUTSIDE_LOCAL rule 20 protocol udp + set firewall name OUTSIDE_LOCAL rule 20 source + +You should also ensure that the OUTISDE_LOCAL firewall group is applied to the +WAN interface and a direction (local). + +.. code-block:: none + + set interfaces ethernet eth0 firewall local name 'OUTSIDE-LOCAL' + Static Routing: Static routes can be configured referencing the tunnel interface; for example, |