bridging and client-to-client

This forum is for general conversation and user-user networking.

gonzobrandon
OpenVpn Newbie
Posts: 3
Joined: Sat May 20, 2017 1:01 am

bridging and client-to-client

Post by gonzobrandon » Sat May 20, 2017 1:09 am

Hello,

I understand the sensitivity of posting routing questions in the OpenVPN forum. I can handle making iptables work when I get to that point...

Goal: I have server-bridge mode on. I would like to prevent client-to-client communications...EXCEPT a few administrative IPs.

There are plenty of examples in the Wiki and FAQ about how to get that set up with routing mode, but I can't seem to get it working in bridge mode.

client-to-client in the server.conf is commented out (off) and that works. I see the ARP requests coming through (via tcpdump on the br0 interface) when a client tries to ping another client... but I can't simply apply a FORWARD iptables rule to allow a specific client (admin) to get through to another client.

Am I thinking about this wrong? Is this possible in bridging mode? I can provide the standard route/server.conf file... but they aren't far from the defaults packaged with OpenSSL.

Thanks for your help

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: bridging and client-to-client

Post by TinCanTech » Sat May 20, 2017 2:04 am

Do you understand the difference between modes:
  • OSI Layer 2 (what you know as bridge mode)
  • OSI Layer 3 (what you know as routing mode)
:?:

These are not modes imposed by OpenVPN .. they are networking principles.

gonzobrandon
OpenVpn Newbie
Posts: 3
Joined: Sat May 20, 2017 1:01 am

Re: bridging and client-to-client

Post by gonzobrandon » Sat May 20, 2017 2:19 am

I clearly don't. I'm thinking I need to route/firewall on the Ethernet frames.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: bridging and client-to-client

Post by TinCanTech » Sat May 20, 2017 11:34 am

Unless you know why you need to use Layer 2, it is almost certain that you don't.

gonzobrandon
OpenVpn Newbie
Posts: 3
Joined: Sat May 20, 2017 1:01 am

Re: bridging and client-to-client

Post by gonzobrandon » Sat May 20, 2017 11:46 am

Our clients on VPN use non-IP traffic. We have to use bridge mode. Would ebtables be appropriate?
