Sysadmin csf problem with vpnserver

EckyBrazzz · Nov 2, 2019

On some servers I have for a long time csf -x because it getting in the way with a VPN

I can select whatever port number to change the default to another, but if I have csf up and running I can't connect

Some outputs:

Code (Text):

csf -p | grep vpnserver
992/tcp    -/-  -     (1791/root)          /usr/local/vpnserver/vpnserver execsvc  /usr/local/vpnserver/vpnserver
1194/tcp   4/6  -     (1791/root)          /usr/local/vpnserver/vpnserver execsvc  /usr/local/vpnserver/vpnserver
1195/tcp   -/-  -     (1791/root)          /usr/local/vpnserver/vpnserver execsvc  /usr/local/vpnserver/vpnserver
5555/tcp   -/-  1     (1791/root)          /usr/local/vpnserver/vpnserver execsvc  /usr/local/vpnserver/vpnserver
500/udp    -/-  -     (1791/root)          /usr/local/vpnserver/vpnserver execsvc  /usr/local/vpnserver/vpnserver
1194/udp   4/-  -     (1791/root)          /usr/local/vpnserver/vpnserver execsvc  /usr/local/vpnserver/vpnserver
2659/udp   -/-  -     (1791/root)          /usr/local/vpnserver/vpnserver execsvc  /usr/local/vpnserver/vpnserver
4500/udp   -/-  -     (1791/root)          /usr/local/vpnserver/vpnserver execsvc  /usr/local/vpnserver/vpnserver
55363/udp  -/-  -     (1790/root)          /usr/local/vpnserver/vpnserver execsvc  /usr/local/vpnserver/vpnserver
55363/udp  -/-  -     (1791/root)          /usr/local/vpnserver/vpnserver execsvc  /usr/local/vpnserver/vpnserver
57525/udp  -/-  -     (1791/root)          /usr/local/vpnserver/vpnserver execsvc  /usr/local/vpnserver/vpnserver
61862/udp  -/-  -     (1791/root)          /usr/local/vpnserver/vpnserver execsvc  /usr/local/vpnserver/vpnserver

And

Code (Text):

ss -nlput | grep 1194
udp    UNCONN     0      0      127.0.0.1:1194                  *:*                   users:(("vpnserver",pid=1791,fd=65))
udp    UNCONN     0      0      111.222.333.444:1194                  *:*                   users:(("vpnserver",pid=1791,fd=64))
udp    UNCONN     0      0      10.2.0.113:1194                  *:*                   users:(("vpnserver",pid=1791,fd=61))
udp    UNCONN     0      0         [::1]:1194               [::]:*                   users:(("vpnserver",pid=1791,fd=70))
udp    UNCONN     0      0      [fe80::41c:cff:xxxx:e1ed]%eth1:1194               [::]:*                   users:(("vpnserver",pid=1791,fd=69))
udp    UNCONN     0      0      [fe80::41c:cff:sxxxx:42da]%eth0:1194               [::]:*                   users:(("vpnserver",pid=1791,fd=68))
udp    UNCONN     0      0      [fe80::41c:cff:xxxx:3aac]%eth2:1194               [::]:*                   users:(("vpnserver",pid=1791,fd=67))
udp    UNCONN     0      0        [2a04:3541:1000:500:41c:cff:fe04:3aac]:1194               [::]:*                   users:(("vpnserver",pid=1791,fd=66))
tcp    LISTEN     0      128       *:1194                  *:*                   users:(("vpnserver",pid=1791,fd=40))
tcp    LISTEN     0      128    [::]:1194               [::]:*                   users:(("vpnserver",pid=1791,fd=41))

This is driving me a little crazy.

Nothing seems to work, nobody has a clear sollution (nor our friend Google)

eva2000 · Nov 2, 2019

Centmin Mod is provide as is, so short of scripted related bugs or issues, any further optimisation to the web stack components - nginx, php-fpm, mariadb mysql, csf firewall etc or web app specific configurations are left to the Centmin Mod user to deal with. So I do not provide any free support for VPN setups.

However, Centmin Mod users are free to help each other out and ask questions or give answers on this community forum. My hopes are that this community forum evolves so that more veteran long time Centmin Mod users help new Centmin Mod users out

With that said, what VPS type ? Xen, KVM or OpenVZ ? What type of VPN ? Wireguard ? OpenVPN ?

CSF Firewall would interfere and different steps in iptables/csf config to get it to work for Xen/KVM vs OpenVZ that involve adding OpenVZ iptable rules to a manually created file at /etc/csf/csfpre.sh with iptable specific rules for OpenVZ to work and then chmod +x that file.

For specific VPN iptables rules, you can place them in /etc/csf/csfpre.sh file you create yourself or if you already have created, append/modify as needed. The /etc/csf/csfpre.sh loads whatever iptable rules before CSF Firewall's iptables rules.

then make sure /etc/csf/csfpre.sh is executable
Code (Text):
chmod +x /etc/csf/csfpre.sh
then restart CSF firewall
Code (Text):
service csf restart
or
Code (Text):
csf -r
Unfortunately, don't really provide support for stuff like OpenVZ. If you plan to use a VPN, use KVM instead of OpenVZ.

eva2000 · Nov 2, 2019

EckyBrazzz said: ↑

I can select whatever port number to change the default to another, but if I have csf up and running I can't connect
Click to expand...

you whitelisted VPN's TCP/UDP IN/OUT ports in CSF Firewall /etc/csf/csf.conf ?

EckyBrazzz · Nov 3, 2019

I tried the above, but it won't work, some person at the forum someone told, it's csf and found solution, but he did not post it. And yes whitelisted the ports

Guess it was removed csf.

VPS?? When a client calls/mails us to provide service, and they have a VPS we don't accept an order like that. Even if they have a cloud provider (low budget) we tell them better to spend the money elsewhere than spend it to our company and save several $$$ for our services. Most of the time they buy a service at us that we support.

Log in / Register

Forums

Learn about Centmin Mod LEMP Stack today

Sysadmin csf problem with vpnserver

EckyBrazzz Active Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

EckyBrazzz Active Member

.

Log in / Register

Useful Searches

Learn about Centmin Mod LEMP Stack today

Sysadmin csf problem with vpnserver

EckyBrazzz Active Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

EckyBrazzz Active Member

.