[SOLVED] Easy way to enable/disable remote access (start/stop VPN service or by using firewall rule) by script?

Dear community

I would like to keep my network secure by dropping any connection from internet and stay stealth until i open a port for an OpenVPN connection from the inside. Therefore I would like to create a script to enable/disable external access to call from LAN side.

I guess creating a firewall rule and keep OpenVPN server running would be the more secure way than only stopping OpenVPN and leave the port open... (UDP 1194 right?)

This might be pretty basic stuff for some fw-experts...?

I searched the internet and this forum, but perhaps using the wrong keywords? I doubt that I am the first one looking for a feature like that?

Thanks a lot in advance

I'm not sure I understand what you are after. Typically for VPN, you have the traffic going form LAN to Tunnel, so if the VPN connection fail, traffic between LAN and internet is terminated.

1 Like

I would like to keep all my ports closed and only open UDP 1194 when I want to initiate a VPN connection... and close it after using the VPN tunnel to be secure again...

It isn't possible to open a VPN tunnel from the internet side while my openwrt has all the ports closed... right?

Firewall doesn't really open or close any ports, it only filters access or redirects traffic.
Port is open when some service is listening on it, otherwise it is closed.

1 Like

thanks for your super fast answers guys!

ok, that's right... so when i keep the openvpn server running, UDP port 1194 will stay open for incoming connection attempts. So I would like to achieve an easy way to enable/disable a firewall rule to drop any incoming packets to this port?

As I only use VPN rarely, I don't want to keep the OpenVPN service exposed to the internet all the time... doesn't this make sense?

The port is not reachable if there's no service listening on it.


ok... so i could just start / kill the OpenVPN service with a script?

... and no rule for forwarding it to another device

1 Like

Yes, but you should use appropriate commands to manage services:

1 Like

Thanks a lot :slight_smile:

If your problem is solved, feel free to mark the relevant post as the solution; and edit the title to add "[SOLVED]" to the beginning (click the pencil behind the topic).


@cotwild you might find this interesting...

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.