If it's not working, you can restart your server to start from scratch.

These settings are stored in memory until you save them.

Similarly, ip6tables -L --line-numbers should look like this:

2 ACCEPT all anywhere anywhere state RELATED,ESTABLISHED
3 ACCEPT tcp anywhere anywhere tcp dpt:domain
4 ACCEPT udp anywhere anywhere udp dpt:domain
5 ACCEPT tcp anywhere anywhere tcp dpt:http
6 ACCEPT udp anywhere anywhere udp dpt:80
7 ACCEPT tcp anywhere anywhere tcp dpt:ssh
8 ACCEPT tcp anywhere anywhere tcp dpt:openvpn
9 ACCEPT udp anywhere anywhere udp dpt:openvpn
10 REJECT tcp anywhere anywhere tcp dpt:https reject-with icmp6-port-unreachable

Connect to the VPN as a client and verify you can resolve DNS names as well as access the Pi-hole Web interface.

Option 1: Allow everything from within your VPN

Enter this command, which will allow all traffic through the VPN tun0 interface.

2 ACCEPT all - anywhere anywhere state RELATED,ESTABLISHED
4 ACCEPT tcp - anywhere anywhere tcp dpt:domain
5 ACCEPT udp - anywhere anywhere udp dpt:domain
6 ACCEPT tcp - anywhere anywhere tcp dpt:http
7 ACCEPT udp - anywhere anywhere udp dpt:80
8 ACCEPT tcp - anywhere anywhere tcp dpt:ssh
9 ACCEPT tcp - anywhere anywhere tcp dpt:openvpn
10 ACCEPT udp - anywhere anywhere udp dpt:openvpn
11 ACCEPT tcp - 10.8.0.0/24 anywhere tcp dpt:domain
12 ACCEPT udp - 10.8.0.0/24 anywhere udp dpt:domain
13 ACCEPT tcp - 10.8.0.0/24 anywhere tcp dpt:http
14 ACCEPT udp - 10.8.0.0/24 anywhere udp dpt:80
15 ACCEPT tcp - 10.8.0.0/24 anywhere tcp dpt:domain
16 ACCEPT tcp - 10.8.0.0/24 anywhere tcp dpt:http
17 ACCEPT udp - 10.8.0.0/24 anywhere udp dpt:domain
18 ACCEPT udp - 10.8.0.0/24 anywhere udp dpt:80
19 REJECT tcp - anywhere anywhere tcp dpt:https reject-with icmp-port-unreachable

You have two options for setting up your firewall with your VPN. It's recommended that you clear out your entire firewall so you have full control over its setup.
So you will want to prevent ports 53 and 80, respectively, from being accessible from the public Internet. In addition to the risk of being an open resolver, your Web interface is also open to the world, increasing the risk. If this is the case, you need to secure the server for your safety as well as others', to prevent aiding in DDoS attacks. This step is optional but recommended if you are running your server in the cloud, such as a droplet made on DigitalOcean.

If you are behind a NAT and not running the Pi-hole on a cloud server, you do not need to issue the iptables commands below, as the firewall rules are already handled by the RoadWarrior installer, but you will need to port forward whatever port you chose in the setup from your public IP to your device using your router.

Firewall Configuration

(optional) Secure the server with firewall rules (iptables)

Option 2: Explicitly allow what can be accessed within the VPN

Option 1: Allow everything from within your VPN

If this is a special case, would reinstalling the OS help?

Edit1: I just checked, I get "Server unexpectedly closed network connection" with Windows firewall ON or OFF.

I tried disabling SSH in 'sudo raspi-config' in "Interfacing Options" and rebooting, then re-enabling it and rebooting.
Loaded: loaded (/lib/systemd/system/ssh.service enabled)
Active: active (running) since Thu 21:37:51 UTC 3h 13min ago
Dec 29 21:37:52 raspberrypi sshd: key_load_public: invalid format
Dec 29 21:37:52 raspberrypi sshd: Could not load host key: /etc/ssh/ssh_host_rsa_key
Dec 29 21:37:52 raspberrypi sshd: Server listening on 0.0.0.0 port 22.
Dec 29 21:37:52 raspberrypi sshd: Server listening on :: port 22.
Dec 29 21:37:52 raspberrypi sshd: Could not load host key: /etc/ssh/ssh_host_dsa_key
Dec 29 21:37:52 raspberrypi sshd: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Dec 29 21:37:52 raspberrypi sshd: Could not load host key: /etc/ssh/ssh_host_ed25519_key

(I guess, for now, ignore the message that comes up when the firewall is ON)

Console Logs read (had to type it out): $ sudo service ssh status -l

I get "Network error: Software caused connection abort" with Windows firewall ON:

And "Server unexpectedly closed network connection" with Windows firewall OFF:

I then installed PuTTY on my laptop and (Running as Admin) tried to connect to 192.168.1.14 (all else left default) and got an error immediately with Windows firewall ON or OFF.

I am able to ping from laptop to RPi, and with Windows firewall OFF I can ping from RPi to the laptop. This means that I should be able to connect through SSH as well.

I installed RealVNC on my laptop and was able to connect to it with 192.168.1.14:1 address. Using built-in WiFi, I connected it to my router and was able to download and install TightVNC. I just got a RPi 3 model B and installed Raspbian on it.