Allowing specific clients to talk to other attached clients.

sofuca
OpenVpn Newbie
Posts: 2
Joined: Tue Oct 11, 2016 5:51 pm

Allowing specific clients to talk to other attached clients.

Post by sofuca » Thu May 25, 2017 3:38 pm

Hello,
I have just configured this but with a few modifications.

https://techpunch.co.uk/development/how ... ine-in-aws

It works very very well.

I've configured a bunch of clients with static IPs and this is great.

Every client can connect to the VPN server and vice versa. Now the final hurdle: I'm using the range 10.2.0.0/16, and what I want is a bunch of, say, super users that can access all other clients, say from 10.2.0.10 to 10.2.0.100. The rest would be restricted to just accessing the server.

Brilliant software by the way! And having it all configured in AWS with cloud formation is OMG!!!

Server config
port 1194
proto udp
dev tun
server 10.2.0.0 255.255.0.0
push "route 172.31.0.0 255.255.0.0"
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh2048.pem
client-config-dir /etc/openvpn/client-config-dir
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
cipher AES-256-CBC
auth SHA1
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
max-clients 100
user nobody
group nobody
mode server
tls-server

Client config
client
dev tun
proto udp
remote example.com 1194
ca ca.crt
cert [KEYNAME].crt
key [KEYNAME].key
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
cipher AES-256-CBC
auth SHA1
resolv-retry infinite
auth-retry none
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Allowing specific clients to talk to other attached clients.

Post by TinCanTech » Thu May 25, 2017 8:21 pm

There is an example in the howto.

HOWTO: For OpenVPN Community Edition
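
Added example, not part of the thread and not taken from the HOWTO: the server config above has no `client-to-client`, so packets between clients cross the server's kernel FORWARD chain, where a firewall policy can admit the super-user range and drop the rest. The script only prints an `iptables-restore` ruleset. Assumptions: the tunnel interface is `tun0`, the chain name `VPN_C2C` is made up for this example, the super users keep their fixed addresses in 10.2.0.10-10.2.0.100, and every client has a route to 10.2.0.0/16 through the tunnel.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset, applies nothing itself.
# Assumed values (override through the environment):
TUN_IF="${TUN_IF:-tun0}"                            # assumed tunnel interface
VPN_NET="${VPN_NET:-10.2.0.0/16}"                   # range from the post
SUPER_RANGE="${SUPER_RANGE:-10.2.0.10-10.2.0.100}"  # super users from the post

# Format check: only a.b.c.d-a.b.c.d is allowed into a rule.
valid_range() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}-([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

vpn_policy_rules() {
    valid_range "$SUPER_RANGE" || {
        echo "bad SUPER_RANGE: $SUPER_RANGE" >&2
        return 1
    }
    # VPN_C2C (hypothetical chain name) sees only client-to-client packets.
    # Traffic to the server itself goes through INPUT and is not affected.
    # Rule order inside the chain:
    #   1. replies on connections that were already allowed
    #   2. new connections opened by a super user
    #   3. everything else between clients is dropped
    cat <<EOF
*filter
:VPN_C2C - [0:0]
-I FORWARD 1 -i $TUN_IF -o $TUN_IF -s $VPN_NET -d $VPN_NET -j VPN_C2C
-A VPN_C2C -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A VPN_C2C -m iprange --src-range $SUPER_RANGE -m conntrack --ctstate NEW -j ACCEPT
-A VPN_C2C -j DROP
COMMIT
EOF
}

vpn_policy_rules
```

Load the output once with `iptables-restore --noflush` after reviewing it; without `--noflush` the existing filter table is replaced.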
