[SOLVED] Easy way to enable/disable remote access (start/stop VPN service or by using firewall rule) by script?

Dear community

I would like to keep my network secure by dropping any connection from the internet and staying stealthy until I open a port for an OpenVPN connection from the inside. Therefore I would like to create a script to enable/disable external access, which I would call from the LAN side.

I guess creating a firewall rule and keeping the OpenVPN server running would be more secure than only stopping OpenVPN and leaving the port open... (UDP 1194, right?)

This might be pretty basic stuff for some fw-experts...?

I searched the internet and this forum, but perhaps using the wrong keywords? I doubt that I am the first one looking for a feature like that?

Thanks a lot in advance
Dave

I'm not sure I understand what you are after. Typically for VPN, you have the traffic going from LAN to tunnel, so if the VPN connection fails, traffic between LAN and internet is terminated.

1 Like

I would like to keep all my ports closed and only open UDP 1194 when I want to initiate a VPN connection... and close it after using the VPN tunnel to be secure again...

It isn't possible to open a VPN tunnel from the internet side while my OpenWrt has all the ports closed... right?

Firewall doesn't really open or close any ports, it only filters access or redirects traffic.
Port is open when some service is listening on it, otherwise it is closed.

1 Like

Thanks for your super fast answers, guys!

OK, that's right... so when I keep the OpenVPN server running, UDP port 1194 will stay open for incoming connection attempts. So I would like to achieve an easy way to enable/disable a firewall rule to drop any incoming packets to this port?

As I only use VPN rarely, I don't want to keep the OpenVPN service exposed to the internet all the time... doesn't this make sense?

The port is not reachable if there's no service listening on it.

2 Likes

OK... so I could just start / kill the OpenVPN service with a script?

... and no rule for forwarding it to another device

1 Like

Yes, but you should use appropriate commands to manage services:
https://openwrt.org/docs/guide-user/base-system/managing_services

1 Like
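A toggle script along the lines discussed above, written as an added example (not from the thread or from the OpenWrt project). It assumes the server is managed by `/etc/init.d/openvpn` and listens on UDP 1194; both are overridable via `OPENVPN_INIT` and `OPENVPN_PORT`. "off" also runs `disable`, so a reboot leaves the port closed until you deliberately turn it on again.

```sh
#!/bin/sh
# vpn-toggle.sh: start/stop the OpenVPN server on OpenWrt from the LAN side.
# No service listening on UDP 1194 means nothing is reachable there,
# so stopping the service is the whole "close the port" step.
# Assumed paths/ports (override for testing or non-default setups):
OPENVPN_INIT="${OPENVPN_INIT:-/etc/init.d/openvpn}"
OPENVPN_PORT="${OPENVPN_PORT:-1194}"

# Returns 0 if a UDP socket is bound to the OpenVPN port, 1 otherwise.
# BusyBox netstat prints e.g. "udp 0 0 0.0.0.0:1194 0.0.0.0:*".
vpn_listening() {
    netstat -uln 2>/dev/null | grep -q "[:.]$OPENVPN_PORT "
}

# on:     start the service for this session (not enabled at boot)
# off:    stop it now and make sure it does not come back after a reboot
# status: report whether the UDP port currently has a listener
vpn_ctl() {
    case "$1" in
        on)
            "$OPENVPN_INIT" start
            ;;
        off)
            "$OPENVPN_INIT" stop
            "$OPENVPN_INIT" disable
            ;;
        status)
            if vpn_listening; then echo "open"; else echo "closed"; fi
            ;;
        *)
            echo "usage: $0 on|off|status" >&2
            return 2
            ;;
    esac
}

# Only dispatch when invoked with an argument (e.g. ./vpn-toggle.sh on).
if [ $# -gt 0 ]; then
    vpn_ctl "$@"
fi
```

Copy it to the router, `chmod +x` it, and call `./vpn-toggle.sh on` before connecting and `./vpn-toggle.sh off` afterwards.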

Thanks a lot :)

If your problem is solved, feel free to mark the relevant post as the solution; and edit the title to add "[SOLVED]" to the beginning (click the pencil behind the topic).


@cotwild you might find this interesting...
https://openwrt.org/docs/guide-user/services/remote_control/portknock.server
