Solution: I simply needed to use NAT 10.8.0.1
Edit: OpenVPN also does not work with iptables completely flushed, so this is probably a setup error.
I am trying to set up an OpenVPN server on my Debian 9 VPS, but even if I allow port 1194 UDP in iptables and open it, it is still blocked. P.S. I am using a basic OpenVPN install script.
My ifconfig: (I am using the public IP as the OpenVPN IP)
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 164.68.***.** (My public IP) netmask 255.255.255.0 broadcast 164.68.***.255
ether 00:50:56:3e:ae:6a txqueuelen 1000 (Ethernet)
RX packets 199011 bytes 32608702 (31.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 114947 bytes 17438986 (16.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1 (Local Loopback)
RX packets 20344 bytes 4127218 (3.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 20344 bytes 4127218 (3.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
My iptables configuration: (port 1194 is closed)
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-sshd tcp -- anywhere anywhere multiport dports 2233
ACCEPT udp -- anywhere anywhere udp dpt:openvpn
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
ACCEPT udp -- anywhere anywhere udp dpt:1988
ACCEPT tcp -- anywhere anywhere tcp dpt:1988
ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt
ACCEPT udp -- anywhere anywhere udp dpt:http-alt
ACCEPT tcp -- anywhere anywhere tcp dpt:8192
ACCEPT udp -- anywhere anywhere udp dpt:8192
f2b-sshd tcp -- anywhere anywhere multiport dports ssh
bungee tcp -- anywhere anywhere tcp dpt:25562
bungee tcp -- anywhere anywhere tcp dpt:25579
bungee tcp -- anywhere anywhere tcp dpt:25569
bungee tcp -- anywhere anywhere tcp dpt:25563
bungee tcp -- anywhere anywhere tcp dpt:25567
bungee tcp -- anywhere anywhere tcp dpt:41310
bungee tcp -- anywhere anywhere tcp dpt:41311
bungee tcp -- anywhere anywhere tcp dpt:41312
bungee tcp -- anywhere anywhere tcp dpt:25999
bungee tcp -- anywhere anywhere tcp dpt:25564
bungee tcp -- anywhere anywhere tcp dpt:30801
bungee tcp -- anywhere anywhere tcp dpt:30802
bungee tcp -- anywhere anywhere tcp dpt:30803
bungee tcp -- anywhere anywhere tcp dpt:30810
bungee tcp -- anywhere anywhere tcp dpt:25342
ACCEPT udp -- anywhere anywhere udp dpt:8183
ACCEPT udp -- anywhere anywhere udp dpt:8182
ACCEPT udp -- anywhere anywhere udp dpt:8181
ACCEPT udp -- anywhere anywhere udp dpt:8191
ACCEPT udp -- anywhere anywhere udp dpt:587
ACCEPT udp -- anywhere anywhere udp dpt:465
ACCEPT udp -- anywhere anywhere udp dpt:2233
ACCEPT udp -- anywhere anywhere udp dpt:25
ACCEPT udp -- anywhere anywhere udp dpt:143
ACCEPT udp -- anywhere anywhere udp dpt:993
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:25565
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT tcp -- anywhere anywhere tcp dpt:urd
ACCEPT tcp -- anywhere anywhere tcp dpt:8191
ACCEPT tcp -- anywhere anywhere tcp dpt:8183
ACCEPT tcp -- anywhere anywhere tcp dpt:8182
ACCEPT tcp -- anywhere anywhere tcp dpt:8181
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:2233
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
ACCEPT tcp -- anywhere anywhere tcp dpt:8443
ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:2233
ACCEPT udp -- anywhere anywhere udp dpt:2233
ACCEPT udp -- anywhere anywhere udp dpt:25
ACCEPT udp -- anywhere anywhere udp dpt:143
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
ACCEPT tcp -- anywhere anywhere tcp dpt:25565
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT udp -- anywhere anywhere udp dpt:993
ACCEPT udp -- anywhere anywhere udp dpt:25565
ACCEPT tcp -- anywhere anywhere tcp dpt:urd
ACCEPT udp -- anywhere anywhere udp dpt:465
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:urd state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:submission state NEW,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spt:143
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport dports smtp,urd,submission /* postfix */
ACCEPT tcp -- anywhere anywhere multiport dports imap2,smtp,urd,submission /* postfix */
DROP all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere multiport dports imap2,smtp,urd,submission,http,https,http-alt,imap2,smtp,imaps /* postfix */
DROP all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere multiport dports 25565 /* postfix */
ACCEPT tcp -- anywhere anywhere multiport dports 8192 /* postfix */
ACCEPT tcp -- anywhere anywhere multiport dports 8181,8182,8183 /* postfix */
ACCEPT tcp -- anywhere anywhere multiport dports submission /* postfix */
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 10.8.0.0/24 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:8183
ACCEPT udp -- anywhere anywhere udp dpt:8182
ACCEPT udp -- anywhere anywhere udp dpt:8181
ACCEPT udp -- anywhere anywhere udp dpt:8191
ACCEPT tcp -- anywhere anywhere tcp dpt:8191
ACCEPT tcp -- anywhere anywhere tcp dpt:8183
ACCEPT tcp -- anywhere anywhere tcp dpt:8182
ACCEPT tcp -- anywhere anywhere tcp dpt:8181
ACCEPT tcp -- anywhere anywhere tcp dpt:25565
ACCEPT udp -- anywhere anywhere udp dpt:25565
ACCEPT udp -- anywhere anywhere udp dpt:465
ACCEPT tcp -- anywhere anywhere tcp dpt:urd
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
ACCEPT udp -- anywhere anywhere udp dpt:143
ACCEPT udp -- anywhere anywhere udp dpt:993
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:2233
ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT udp -- anywhere anywhere udp dpt:25
ACCEPT udp -- anywhere anywhere udp dpt:443
ACCEPT udp -- anywhere anywhere udp dpt:http-alt
ACCEPT udp -- anywhere anywhere udp dpt:80
ACCEPT udp -- anywhere anywhere udp dpt:2233
ACCEPT tcp -- anywhere anywhere tcp spt:smtp state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:imap2 state ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
Chain bungee (15 references)
target prot opt source destination
ACCEPT all -- vmi294204.contaboserver.net anywhere
ACCEPT all -- localhost anywhere
DROP all -- anywhere anywhere
Chain f2b-sshd (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
Here is the command I used to open the port I need for OpenVPN:
iptables -I INPUT -p udp -m udp --dport 1194 -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
I am setting up OpenVPN on my public IP address. I don't know whether I should set it up on the NAT, but this seems to be the right way. In fact, if I use port 443 and the TCP protocol, it connects to the VPN (but without working Internet).
Many thanks for any help provided.
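
An added example, not part of the original post: a first-match walk over `iptables -L INPUT` output like the listing above, reporting which rule decides a new packet and which rules sit behind an unconditional DROP. The sample lines are an excerpt constructed from the post's listing, and the function names are assumptions. Because `iptables -L` without `-v` hides interface matches, the interface-ambiguous `ACCEPT all` lines are left out of the excerpt.

```python
import re

# Excerpt constructed from the INPUT chain in the post (order kept, shortened).
SAMPLE = """\
f2b-sshd tcp -- anywhere anywhere multiport dports 2233
ACCEPT udp -- anywhere anywhere udp dpt:openvpn
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
DROP all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere multiport dports 25565 /* postfix */
"""
# Service names iptables prints without -n (only those used in the excerpt).
SERVICES = {"openvpn": 1194, "imap2": 143}
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse_rules(listing):
    """Turn `iptables -L` rule lines into dicts, keeping their order."""
    rules = []
    for n, line in enumerate(listing.splitlines(), start=1):
        target, prot, _opt, src, dst, *rest = line.split()
        match = re.sub(r"/\*.*?\*/", "", " ".join(rest))  # drop rule comments
        ports = re.search(r"(?:dpt:|dports )(\S+)", match)
        states = re.search(r"state (\S+)", match)  # also matches "ctstate"
        rules.append({
            "n": n, "target": target, "prot": prot,
            "ports": {int(SERVICES.get(p, p)) for p in ports.group(1).split(",")} if ports else None,
            "states": set(states.group(1).split(",")) if states else None,
            # Simplification: user chains, source-port and address matches are skipped.
            "usable": target in TERMINAL and "spt:" not in match and src == dst == "anywhere",
        })
    return rules

def first_match(rules, proto, port):
    """First terminal rule deciding a NEW packet to proto/port, or None (chain policy)."""
    for r in rules:
        if (r["usable"] and r["prot"] in ("all", proto)
                and (r["ports"] is None or port in r["ports"])
                and (r["states"] is None or "NEW" in r["states"])):
            return r
    return None

def shadowed(rules):
    """Numbers of rules placed after an unconditional terminal rule; they never match."""
    for r in rules:
        if r["usable"] and r["prot"] == "all" and r["ports"] is None and r["states"] is None:
            return [later["n"] for later in rules if later["n"] > r["n"]]
    return []

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    hit = first_match(rules, "udp", 1194)
    print("udp/1194:", hit["target"], "at rule", hit["n"], "| shadowed:", shadowed(rules))
```

For a real ruleset, feed it output taken with `iptables -L INPUT -v -n`, so interface matches and numeric ports are visible, and extend the parser for the extra columns.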