Home / server / Questions / 58418
Accepted
agsamek
Asked: 2009-08-26 05:54:35 +0800 CST

Is it possible to configure a linux box, so that all of its services are available through its VPN server?

  • 772

I have a hosted linux server with public IP address. I would like to configure it as a VPN server. Then I would like to hide all of its services behind this VPN, so that if I open a socket then by default it is accessible through VPN and not accessible via Internet.

Is it possible?

vpn linux

3 Answers

  1. Attach the services to the interface/ip of the VPN. To make ssh only listen to the VPN-ip change the "sshd_config":

    #Listen 0.0.0.0
Listen 10.62.63.1

    Same with apache and so on..

    You could also firewall the public ip and only allow on the VPN.

    • 1
  2. Best Answer

    Iptables is helpfull !

    for example, with an openvpn run on eth0 interface, with 1194 tcp port and your vpn interface is "tun0"

    #Flush you input tables
iptables -F INPUT

#Allow connection to openvpn
iptables -i eth0 -p tcp --dport 1194 -j ACCEPT

#Allow connction through you vpn interface

iptables -i tun0 -j ACCEPT

# set you default INPUT policy to DROP
iptables -P INPUT DROP

    So, you can set your filter (rules 3) with you vpn adresses, or an other vpn interface (ipsec0, gre, tap etc..)

    • 1

  3. Of course, just set up iptables rules appropriately.

    • 0