bridging and client-to-client
Posted: Sat May 20, 2017 1:09 am
Hello,
I understand the sensitivity of posting routing questions in the OpenVPN forum. I can handle making iptables work when I get to that point...
Goal: I have server-bridge mode on. I would like to prevent client-to-client communications...EXCEPT a few administrative IPs.
There are plenty of examples in the Wiki and FAQ about how to get that set up with routing mode, but I can't seem to get it working in bridge mode.
client-to-client in the server.conf is commented out (off) and that works. I see the ARP requests coming through (via tcpdump on the br0 interface) when a client tries to ping another client...but I can't simply apply a FORWARD iptables rule to allow a specific client (admin) to get through to another client.
Am I thinking about this wrong? Is this possible in bridging mode? I can provide the standard route/server.conf file...but they aren't far from the defaults packaged with OpenSSL.
Thanks for your help