This shows you the differences between two versions of the page.
content:en_us:7_ug_openvpn [2021/01/25 09:18] 84.9.57.48 |
content:en_us:7_ug_openvpn [2021/03/31 10:14] (current) 84.9.57.48 |
||
---|---|---|---|
Line 498: | Line 498: | ||
===== OpenVPN with Gateway Management/DNSThingy ===== | ===== OpenVPN with Gateway Management/DNSThingy ===== | ||
- | There is currently (20 Jul 2020) a problem for OpenVPN users trying to access devices on the ClearOS LAN if the ClearOS LAN is protected by Gateway Management or DNSThingy with Don't Talk to Strangers (DTTS) enabled. The official DNSThingy solution is to go into the control panel then go Rules > Enablers (at the top) and add an enabler with the following in it: | + | <note info>If you have had any enablers or any custom firewall set up to allow LAN access by OpenVPN, since Gateway Management v2.5 was released, these are no longer necessary and can be removed</note> |
- | <code>your_LAN_subnet|td0-65535,ud0-65535</code>Repeat the line for multiple LAN subnets. This will allow all TCP and UDP traffic through to the LAN, but **it will not allow pings (ICMP) **. | + | |
- | There is an alternative solution which will allow all traffic including ICMP. Create a Custom Firewall rule with the following rule: | + | If you had an Enabler (go Rules > Enablers in the dashboard) like: |
- | <code>$IPTABLES -I FORWARD -i tun+ -j ACCEPT</code> | + | <code>your_LAN_subnet|td0-65535,ud0-65535</code>It can now be removed |
- | It is OK to use both solutions at the same time. | + | If you had a Custom Firewall rule with the following rule: |
+ | <code>$IPTABLES -I FORWARD -i tun+ -j ACCEPT</code>It can now be removed. You may have had one rule for each LAN if you have multiple LAN's. | ||
- | Note that there is a version of Gateway Management in beta testing which fixes this issue, but until it is released this rule will be needed. | + | Similarly there used to be a mini script for a file in /etc/clearos/firewall.d/something. This can now be removed. |
===== Softphone/VoIP issue ===== | ===== Softphone/VoIP issue ===== |
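Review bot: The last added line points at "/etc/clearos/firewall.d/something", which is a placeholder rather than a path a reader can act on; name the actual script or say how to recognise it, otherwise the stale firewall script is likely to stay in place. The new note is also ambiguous: "since Gateway Management v2.5 was released" reads as describing when the enablers were set up rather than why they are no longer needed, and the revision drops the earlier workaround text entirely, so a reader still on a version before v2.5 with DTTS enabled is left without guidance. Suggest wording along the lines of "From Gateway Management v2.5 onwards, enablers and custom firewall rules added to allow LAN access by OpenVPN are no longer necessary", plus a reminder to confirm the installed version before removing anything. Because "$IPTABLES -I FORWARD -i tun+ -j ACCEPT" accepts all forwarded traffic arriving on any tun interface, it would be worth saying the rule should be removed once it is unnecessary, not only that it can be. Minor: the first "It can now be removed" lacks a full stop, "LAN's" should be "LANs", and the text that follows each closing code tag would read better on its own line.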