iptables and client-to-client

fanfan_2a
OpenVpn Newbie
Posts: 4
Joined: Sun Sep 23, 2018 7:03 pm

iptables and client-to-client

Post by fanfan_2a » Wed Dec 16, 2020 9:44 am

Hi !

My server is configured with client-to-client parameter, and my clients have different networks (10.1.1.0/24 to 10.1.5.0/24). Traffic between sites works very well but I would like to block traffic from one site (10.1.5.0/24)

I've tried:

    iptables -A FORWARD -i tun0 -s 10.1.5.0/24 -d 10.1.0.0/16 -j DROP

but it doesn't work. Can I do this restriction with iptables?

Or do I have to disable client-to-client and set manually connections between sites with iptables ?

Thanks

Pippin
Forum Team
Posts: 987
Joined: Wed Jul 01, 2015 8:03 am

Re: iptables and client-to-client

Post by Pippin » Wed Dec 16, 2020 12:59 pm

Firewall is basically off topic but the tip is, do not use client-to-client.
Maybe helpful:
https://community.openvpn.net/openvpn/w ... acketsFlow

TinCanTech
Forum Team
Posts: 9239
Joined: Fri Jun 03, 2016 1:17 pm

Re: iptables and client-to-client

Post by TinCanTech » Wed Dec 16, 2020 4:30 pm

--client-to-client allows openvpn server to route between clients without passing through the kernel.

If you need to add firewall rules to filter specific traffic between clients then you must not use --client-to-client.

Client to server is not affected by --client-to-client.

Firewall rules are much more complicated.
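As an added illustration of the point above (example script, not code from this thread or from OpenVPN): a small POSIX sh helper that first checks whether the server config still carries an active client-to-client line (while it does, inter-client packets are switched inside the openvpn process and no FORWARD rule can match them), then emits the FORWARD rules that do the job once that line is removed and the kernel forwards between the clients. Assumed values: tun0 as the VPN interface, 10.1.0.0/16 as the range holding the site subnets and 10.1.5.0/24 as the site to cut off, all taken from the question.

```shell
#!/bin/sh
# Added example; assumptions: interface tun0, site subnets inside 10.1.0.0/16,
# 10.1.5.0/24 is the site to isolate. Override via environment if needed.
VPN_IF="${VPN_IF:-tun0}"
VPN_NET="${VPN_NET:-10.1.0.0/16}"
BLOCKED_SITE="${BLOCKED_SITE:-10.1.5.0/24}"

# Returns 0 when the server config still has an uncommented client-to-client
# directive. With it present, openvpn forwards between clients internally and
# the packets never reach the FORWARD chain, so the DROP rule is never consulted.
config_has_client_to_client() {
    grep -qE '^[[:space:]]*client-to-client([[:space:]]|$)' "$1"
}

# Print the FORWARD rules in the order they must be appended.
# Mode "all" (default): everything sourced from the blocked site is dropped;
# replies to sessions other sites open toward it are dropped as well, so the
# site is fully isolated. Mode "new": only connections the blocked site
# initiates are dropped, because the conntrack ACCEPT comes first.
# The catch-all ACCEPT at the end restores tun0 -> tun0 forwarding for the
# remaining sites, which --client-to-client used to handle inside openvpn.
ovpn_site_rules() {
    if [ "${1:-all}" = "new" ]; then
        printf 'iptables -A FORWARD -i %s -o %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' \
            "$VPN_IF" "$VPN_IF"
    fi
    printf 'iptables -A FORWARD -i %s -o %s -s %s -d %s -j DROP\n' \
        "$VPN_IF" "$VPN_IF" "$BLOCKED_SITE" "$VPN_NET"
    printf 'iptables -A FORWARD -i %s -o %s -j ACCEPT\n' "$VPN_IF" "$VPN_IF"
}

# Apply the rules (needs root); afterwards the packet counters shown by
# "iptables -L FORWARD -v -n" tell you whether the DROP rule is actually hit.
ovpn_site_apply() {
    ovpn_site_rules "$1" | sh
}
```

Run `config_has_client_to_client /etc/openvpn/server.conf` before anything else; if it reports a hit, remove that line and restart the server, otherwise the rules printed by `ovpn_site_rules` will show zero counters no matter how they are written.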

fanfan_2a
OpenVpn Newbie
Posts: 4
Joined: Sun Sep 23, 2018 7:03 pm

Re: iptables and client-to-client

Post by fanfan_2a » Wed Dec 16, 2020 11:09 pm

OK, thanks for the replies, I'm gonna work on it.
