We need rock stable openVPN with routing all traffic via our network for our new project.
Let me very briefly describe the config - 7.5 set as gateway with multi-wan (2 fibre connections).
enp4s0 (backup) - Weight 1
enp5s0 - Weight 100
We also have Destination Port Rule for UDP 1194 to go through enp5s0, and a disabled rule for UDP 1194 to go through enp4s0 (so it's easy to enable when something goes wrong).
push "redirect-gateway def1"
We also added "reneg-sec 28800" to the server side and client side config.
All seems to work nicely... But I have also come across this article:
that advises adding 3 custom firewall rules:
iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT # Allow VPN client traffic back in if established
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT # Allow VPN clients out
iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE # nat for VPN
Do we need this (with enp5s0 instead of eth0 on our server), or is it outdated documentation? I have added those rules, but during my short tests it seems to work correctly with or without them.
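As an added check, not from the original post: a POSIX shell script that reports whether the three forwarding/NAT rules quoted above are present in the live iptables tables for the post's interfaces and VPN subnet (enp5s0, tun0 and 10.8.0.0/24 are taken from the post; the IPTABLES variable is an assumption so the logic can be exercised with a stub).

```shell
#!/bin/sh
# Added check script: does the live ruleset already carry the FORWARD and
# MASQUERADE rules for the OpenVPN subnet, and is kernel forwarding on?
# IPTABLES may be overridden (e.g. with a stub) for testing; default: iptables.
IPTABLES="${IPTABLES:-iptables}"

# Turn an "-A ..." append spec into the equivalent "-C ..." check spec,
# so iptables reports presence (exit 0) instead of appending a rule.
to_check_spec() {
  printf '%s' "$1" | sed 's/-A /-C /'
}

# Return 0 if the given append spec already exists in the live table.
rule_present() {
  spec=$(to_check_spec "$1")
  # shellcheck disable=SC2086  # word-splitting the spec is intended
  "$IPTABLES" $spec >/dev/null 2>&1
}

# Check all three rules for WAN iface $1, tunnel iface $2, VPN subnet $3.
# Prints one line per rule; returns 0 only if every rule is present.
rules_present() {
  wan="$1"; tun="$2"; net="$3"; missing=0
  for spec in \
    "-A FORWARD -i $wan -o $tun -m state --state RELATED,ESTABLISHED -j ACCEPT" \
    "-A FORWARD -i $tun -o $wan -j ACCEPT" \
    "-t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE"
  do
    if rule_present "$spec"; then
      echo "present: $spec"
    else
      echo "MISSING: $spec"; missing=$((missing + 1))
    fi
  done
  [ "$missing" -eq 0 ]
}

# Return 0 if the kernel forwards IPv4 at all (required for any of this to work).
forwarding_enabled() {
  [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# Usage: sh check-vpn-rules.sh enp5s0 tun0 10.8.0.0/24   (run as root)
if [ "$#" -ge 3 ]; then
  forwarding_enabled && echo "ip_forward: on" || echo "ip_forward: OFF"
  rules_present "$1" "$2" "$3"
fi
```

A rule reported as MISSING does not prove traffic is blocked: a gateway distribution may already allow and NAT the tunnel subnet through rules written in a different form, so read the result together with `iptables -S FORWARD` and `iptables -t nat -S POSTROUTING`.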