keepalive 10 60
### Push Configurations Below
push "dhcp-option DOMAIN xxx.ltd"
push "dhcp-option DNS 172.20.20.4"
push "comp-lzo no"
### Extra Configurations Below
As you can see, we are not using the redirect-gateway option, so clients are not pushed the gateway route. Anyway, this can easily be bypassed by client configuration. How can we use iptables to allow VPN clients to communicate only with local LAN devices (in the 172.20.20.x network)?
I suppose we have to change our iptables rules, which currently are as follows:
iptables -A INPUT -i tap0 -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT