
Securing OpenVPN with a Firewall

With HeatShield, you can restrict the firewall for your OpenVPN Access Server so it can only be accessed from the IP addresses that need to communicate with it.

For example, if your network consists of your office, your home, and an employee's home, you can create a ruleset in HeatShield that opens the ports on your OpenVPN server to only those IP addresses.

Limiting OpenVPN to a Set of IP Addresses

If you want to allow OpenVPN access from only a specific set of IP addresses, you can easily create a new ruleset in HeatShield.

If you haven't upgraded this server yet, do so now. Once you've upgraded, you'll be able to use custom rulesets on this server.

First, open your Rulesets page and click Create Ruleset.

Next, name your ruleset and click Create Ruleset.

Now, create a new firewall rule by selecting the policy, the destination, and the source.

Set the Policy to Allow.

Select HTTPS from the Destination dropdown.

HeatShield's default HTTP/HTTPS ruleset already allows access to the HTTPS port (443), but OpenVPN does not use the HTTP port (80), so we'll be removing that ruleset from this server in a later step. That means we need to add limited HTTPS access to our OpenVPN ruleset now.

Select Custom from the Source dropdown and enter the first IP address you want to allow access to OpenVPN. This could be, for example, the IP address of your office or your home. Click Add.

Repeat this step for each additional IP address or range you want to allow access to OpenVPN.

Now, we'll open a custom port to our set of IP addresses.

Set the Policy to Allow.

Select Custom from the Destination dropdown and enter TCP 943 as the OpenVPN port.

Select Custom from the Source dropdown and enter the first IP address you want to allow access to OpenVPN. Click Add.

Repeat this step for each additional IP address or range you want to allow access to OpenVPN.

You must also repeat this process for the remaining OpenVPN port: UDP 1194.

Your final ruleset will look similar to this example:

Applying the OpenVPN Ruleset

To apply your new OpenVPN ruleset to your access server, open the server in HeatShield.

Select your OpenVPN ruleset from the drop-down list and click Apply Ruleset.

Then, click Remove next to the default HTTP/HTTPS ruleset.

Your new ruleset will now be applied to your server.
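To confirm the result on the server itself, the following added example (not part of HeatShield or its documentation) audits a dump of the host's firewall rules against your allowlist for the three ports opened above. It assumes the applied rules can be read in `iptables -S` format; the function names, sample rules and addresses are constructed for illustration, and it goes slightly beyond the page by also reading multiport lists and port ranges.

```python
import ipaddress
import re

# The three ports this page opens: HTTPS (TCP 443), TCP 943 and UDP 1194.
OPENVPN_PORTS = {("tcp", 443), ("tcp", 943), ("udp", 1194)}

def parse_accepts(rules_text):
    """Yield (proto, port, source_network) for every ACCEPT rule that names a port."""
    for line in rules_text.splitlines():
        spec = re.search(r"--dports? (\S+)", line)
        if not line.startswith("-A ") or "-j ACCEPT" not in line or not spec:
            continue
        proto = re.search(r"\s-p (\w+)", line)
        src = re.search(r"\s-s (\S+)", line)
        # No -s means any source (assumption: IPv4 `iptables -S` output).
        net = ipaddress.ip_network(src.group(1) if src else "0.0.0.0/0", strict=False)
        for item in spec.group(1).split(","):  # multiport lists and lo:hi ranges
            lo, _, hi = item.partition(":")
            for port in range(int(lo), int(hi or lo) + 1):
                yield (proto.group(1) if proto else "all", port, net)

def audit(rules_text, allowed_sources):
    """Return a list of findings; an empty list means the rules match the allowlist."""
    allowed = [ipaddress.ip_network(a, strict=False) for a in allowed_sources]
    findings, accepts = [], list(parse_accepts(rules_text))
    for proto, port, net in accepts:
        ok = any(net.version == a.version and net.subnet_of(a) for a in allowed)
        if (proto, port) in OPENVPN_PORTS and not ok:
            findings.append(f"{proto}/{port} accepts {net}, which is not on the allowlist")
        elif (proto, port) == ("tcp", 80):
            findings.append(f"tcp/80 accepts {net}: default HTTP/HTTPS ruleset still applied?")
    for proto, port in sorted(OPENVPN_PORTS):
        for a in allowed:
            if not any((p, q) == (proto, port) and n.version == a.version
                       and a.subnet_of(n) for p, q, n in accepts):
                findings.append(f"{proto}/{port} has no rule for allowed source {a}")
    return findings

# Constructed sample: a leftover open 80/443 rule, and UDP 1194 missing for one source.
ALLOWED = ["203.0.113.10", "198.51.100.0/24"]
SAMPLE = """\
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 943 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 943 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, ALLOWED)))
```

An empty result means every OpenVPN port is reachable only from the addresses you entered and the HTTP port is closed.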

You can restrict access to your server even further by applying a custom SSH ruleset.

Any number of rulesets can be applied to multiple upgraded servers, and each server can have multiple rulesets applied to it.
