The vpn server doesn't control what ports are allowed. That's your server's firewall. If you're using openvpn, the default server port is 1194. So all clients connect to the vpn through port 1194. Each client knows if it's connected to the vpn server or not, and a new network interface with a vpn address will show up. Once the vpn connection has been established and verified, it's then a matter of 2 things: 1) the minetest server is running 2) the port for minetest server is allowed through the host machine's firewall.
A simple setup on a Debian linux machine would be something like this:
1) home router forwards port 1194 to the computer running the openvpn server
2) openvpn server, which uses (listens on) port 1194, protocol udp, for client connections.
3) minetest server, which uses (listens on) port 30000, protocol udp, for client connections
4) ufw to manage the computer's firewall.
So you have people from the Internet requesting access into your home network on port 1194, and your router allowing that, then 2 different servers running on the server computer. You use ufw on the server to allow or disallow connections to those servers.
With an openvpn server, the computer gets a new network interface, which will show up as "tun0". You can see this by doing "ifconfig" in the command line, which will also show other network interfaces, such as "eth0" and your LAN address on that. The I.P. address of the server on the tun0 interface is 10.8.0.1 by default. This address value is set by the openvpn config file at /etc/openvpn/server.conf. All clients that connect to the server also get a new network interface called "tun0" (or tun1 if that's already taken), and the addresses for that interface start with 10.8.0.6, and go up by values of 4 for each new client. So 10.8.0.6, 10.8.0.10, 10.8.0.14, etc. (There's a technical reason for this which you can research, or just accept it for now).
But the clients can only connect to the openvpn server if port 1194 is open in both your home router and on the server. After logging into your router and forwarding port 1194 to your server, you then have to allow this port on the server using the ufw command:
sudo ufw allow from any to any port 1194 proto udp comment 'allow vpn connections'
(Note: this is a very liberal policy which allows everyone in the world access on port 1194, but openvpn server only accepts those with encryption keys. You can set it to only allow specific addresses if you want.)
Clients connect by installing openvpn and setting up their client config file at /etc/openvpn/client.conf to use your home I.P. address and port 1194. The clients don't usually need to set up any firewall rule.
So at this point you have an openvpn server running, and clients can connect to it. The server and the clients are all using the address allocation of 10.8.0.0/24, which means the address range from 10.8.0.1 to 10.8.0.255.
Now you need to get a minetest server running. By default, it runs on port 30000, protocol udp. So after you have one set up and running, and it's on port 30000, you'll want to allow that for just the vpn clients. So you'll open port 30000 on the server using the 'ufw' command:
sudo ufw allow from 10.8.0.0/24 to any port 30000 proto udp comment 'minetest server'
So at this point, the server machine is allowing everyone on the Internet to try to access openvpn on port 1194/udp, and that's the only port open to the internet, while it allows any computer that's a member of the 10.8.0.x network access to port 30000/udp. The server's vpn I.P. address is 10.8.0.1 while the first 2 clients will have addresses 10.8.0.6 and 10.8.0.10.
From the server, you can see which openvpn clients are currently connected by doing:
sudo cat /var/log/openvpn/openvpn-status.log
The client at 10.8.0.6 will open their minetest client and tell it to connect to 10.8.0.1 on port 30000 and it should just work. The client at 10.8.0.10 will do the same.
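An added example, not part of the original post: a small check that the firewall really matches the setup described above, with 1194/udp as the only port open to the Internet and port 30000 reachable only from 10.8.0.0/24. The function name audit_ufw and both sample outputs are constructed for illustration.

```sh
# Policy from the post: only 1194/udp may be open to Anywhere, and the
# minetest port 30000 may be reached only from the VPN subnet 10.8.0.0/24.
# audit_ufw (hypothetical helper) reads `ufw status` text on stdin, prints one
# line per rule, and returns non-zero if any rule breaks that policy.
audit_ufw() {
    awk '
        /^Status: inactive/ { print "FAIL: ufw is inactive, no rule is enforced"; bad = 1 }
        {
            sub(/[ \t]+#.*$/, "")                 # strip the trailing rule comment
            act = 0
            for (i = 2; i <= NF; i++) if ($i == "ALLOW") act = i
            if (!act) next                        # header, blank and DENY lines
            to = $1
            from = $(act + 1)
            if (from == "IN") from = $(act + 2)   # verbose output prints "ALLOW IN"
            if (from == "Anywhere" && to != "1194/udp") {
                print "FAIL: " to " is open to Anywhere"; bad = 1
            } else if ((to == "30000" || to ~ /^30000\//) && from != "10.8.0.0/24") {
                print "FAIL: " to " allowed from " from ", expected 10.8.0.0/24"; bad = 1
            } else {
                print "ok:   " to " from " from
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the rules created by the two ufw commands in the post.
GOOD_STATUS='Status: active

To                         Action      From
--                         ------      ----
1194/udp                   ALLOW       Anywhere                   # allow vpn connections
30000/udp                  ALLOW       10.8.0.0/24                # minetest server
1194/udp (v6)              ALLOW       Anywhere (v6)              # allow vpn connections'

# Constructed sample: minetest port opened to everyone by mistake.
BAD_STATUS='Status: active

To                         Action      From
--                         ------      ----
1194/udp                   ALLOW       Anywhere                   # allow vpn connections
30000/udp                  ALLOW       Anywhere                   # minetest server'

printf '%s\n' "$GOOD_STATUS" | audit_ufw
printf '%s\n' "$BAD_STATUS" | audit_ufw || echo "firewall does not match the policy"
# On the server itself: sudo ufw status | audit_ufw
```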