
$ wget https://git.io/vpn -O openvpn-install.sh
$ bash openvpn-install.sh
$ cat /etc/rc.local
$ more /etc/openvpn/server.conf
$ vi /etc/openvpn/server.conf
$ systemctl stop openvpn@server
$ systemctl start openvpn@server
$ systemctl restart openvpn@server
$ /etc/init.d/openvpn stop
$ /etc/init.d/openvpn start
$ /etc/init.d/openvpn restart
$ ufw allow 1194/udp
$ ufw allow 22/tcp
$ vi /etc/ufw/before.rules
# START OPENVPN RULES by vg
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
#****************************************[README]*****************************************************#
# Allow traffic from OpenVPN client to 139.59.1.155. Replace 139.59.1.155 with your actual IP address*#
#****************************************[README]*****************************************************#
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 139.59.1.155
COMMIT
# END OPENVPN RULES by vg
Next, scroll down and find the comment that reads as follows:
# ok icmp code for FORWARD
Append the following rules:
#OpenVPN Forward by vg
-A ufw-before-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -s 10.8.0.0/24 -j ACCEPT
-A ufw-before-forward -i tun+ -j ACCEPT
-A ufw-before-forward -i tap+ -j ACCEPT
#OpenVPN END by vg
Save and close the file. Next edit the /etc/ufw/sysctl.conf file, enter:
$ sudo vi /etc/ufw/sysctl.conf
Find and uncomment the following line to allow this host to route packets between interfaces:
net/ipv4/ip_forward=1
Save and close the file. Enable ufw or reload if already running:
$ ufw enable
OR
$ ufw reload
Verify new firewall rules:
$ ufw status
$ iptables -t nat -L -n -v
$ iptables -L FORWARD -n -v
$ iptables -L ufw-before-forward -n -v
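An offline check of the two files edited above, as an added example that is not part of the original guide. audit_openvpn_ufw and write_samples are hypothetical helper names, the sample files are constructed from the rules shown in this guide, and the check also flags the guide's example SNAT address if it was never replaced.

```shell
# Added example (not from the original guide). audit_openvpn_ufw and
# write_samples are hypothetical helper names, not ufw or OpenVPN commands.
# Usage: audit_openvpn_ufw RULES_FILE SYSCTL_FILE VPN_NET EXAMPLE_IP
# Prints one line per finding; the return status is the number of findings.
audit_openvpn_ufw() {
    rules=$1 sysctl=$2 net=$3 example_ip=$4 bad=0
    net_re=$(printf '%s' "$net" | sed 's/\./\\./g')   # escape dots for grep -E
    # Keep only the *nat table (from "*nat" to its COMMIT), comments dropped.
    nat=$(sed -n '/^\*nat/,/^COMMIT/p' "$rules" | grep -v '^#' || true)

    if ! printf '%s\n' "$nat" | grep -Eq -- "^-A POSTROUTING .*-s $net_re .*-j (SNAT|MASQUERADE)"; then
        echo "MISSING: NAT rule for $net in the *nat table"; bad=$((bad + 1))
    fi
    if ! printf '%s\n' "$nat" | grep -q '^COMMIT'; then
        echo "MISSING: COMMIT closing the *nat table"; bad=$((bad + 1))
    fi
    # The guide's SNAT address is only an example and must be replaced.
    if printf '%s\n' "$nat" | grep -Fq -- "--to-source $example_ip"; then
        echo "PLACEHOLDER: SNAT still points at $example_ip"; bad=$((bad + 1))
    fi
    if ! grep -Eq -- "^-A ufw-before-forward .*-s $net_re .*-j ACCEPT" "$rules"; then
        echo "MISSING: ufw-before-forward ACCEPT for $net"; bad=$((bad + 1))
    fi
    # The line must be uncommented; "#net/ipv4/ip_forward=1" has no effect.
    if ! grep -Eq '^[[:space:]]*net/ipv4/ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$sysctl"; then
        echo "MISSING: net/ipv4/ip_forward=1 is not enabled"; bad=$((bad + 1))
    fi
    return "$bad"
}

# Constructed sample files: the guide's rules with its example address left
# in place and ip_forward still commented out.
write_samples() {
    cat > "$1/before.rules" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 139.59.1.155
COMMIT
-A ufw-before-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -s 10.8.0.0/24 -j ACCEPT
EOF
    printf '%s\n' '#net/ipv4/ip_forward=1' > "$1/sysctl.conf"
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_openvpn_ufw "$tmp/before.rules" "$tmp/sysctl.conf" 10.8.0.0/24 139.59.1.155 \
    || echo "findings: $?"
rm -rf "$tmp"
```

On a real host, point the first two arguments at /etc/ufw/before.rules and /etc/ufw/sysctl.conf before running ufw reload.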