We're trying to set up an OpenVPN server on CentOS 6.

We have blocked all IP addresses except a couple in a whitelist via /etc/hosts.deny; we also did the same with csf.deny (except for the whitelist).

This block seems to be working: we can't reach the machine from a non-whitelisted IP address by SSH.

However, when we go to the OpenVPN server from the same non-whitelisted IP (via 943), we can log in to the web panel.

How can we block all traffic, including OpenVPN, from everywhere except for the IPs in our whitelist?

DDdW

1 Answer

You can use IPTables for it, just set allow rules for your whitelisted IPs and reject all others.

Ondra Sniper Flidr
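
The whitelist-then-reject ruleset the answer above describes, as an added example that is not part of the original answer: the addresses are constructed (RFC 5737 documentation ranges) and `valid_source` and `build_ruleset` are hypothetical helper names. Unlike /etc/hosts.deny, which only TCP-wrappers-aware services such as sshd consult, packet-filter rules apply to every port, including the web panel on 943.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that accepts inbound traffic
# only from whitelisted sources and rejects everything else.

# Constructed sample whitelist (documentation ranges, replace with your own).
WHITELIST="192.0.2.10 198.51.100.0/24"

# Shape check only: dotted quad with an optional /0-32 prefix. Anything else
# (hostnames, stray options, shell metacharacters) is refused.
valid_source() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Print the ruleset for the space-separated sources in $1.
# Returns 1 without printing COMMIT if any entry is malformed.
build_ruleset() {
    printf '%s\n' '*filter'
    # Default-deny inbound; forwarding and outbound policies are left open here.
    printf '%s\n' ':INPUT DROP [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Local traffic and replies to connections this host opened itself.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for src in $1; do
        if valid_source "$src"; then
            # All ports and protocols from this source (SSH, 943, the VPN itself).
            printf '%s\n' "-A INPUT -s $src -j ACCEPT"
        else
            printf '%s\n' "invalid whitelist entry: $src" >&2
            return 1
        fi
    done
    # Everyone else gets an explicit rejection instead of a silent timeout.
    printf '%s\n' '-A INPUT -j REJECT'
    printf '%s\n' 'COMMIT'
}

# Print the ruleset for review; nothing is loaded into the kernel here.
build_ruleset "$WHITELIST"
```

Review the output before loading it with `iptables-restore` or saving it as `/etc/sysconfig/iptables`; either replaces the current filter table, including rules installed by other tools such as csf.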