configuring client to client access rules

Business solution to host your own OpenVPN server with web management interface and bundled clients.
npreiser
OpenVpn Newbie
Posts: 3
Joined: Sat Oct 21, 2017 12:04 am


Post by npreiser » Sat Oct 21, 2017 12:14 am

I am having difficulty configuring the following system:

server 10.8.0.1, topology subnet,
client A - 10.8.1.10 ccd = ifconfig-push 10.8.1.10 255.255.255.0
client B - 10.8.2.12 ccd = ifconfig-push 10.8.2.12 255.255.255.0

client-to-client option is commented out (disabled).

My goal is to be able to have client A see client B's machine,
but NOT have client B see client A's machine.

With the above config, the clients are connecting, but not able to ping the server, because
they are on different subnets.
If I change the clients' ccd to a mask of 255.255.0.0, then everyone can see everyone.
That is without any iptables/ufw changes... which I find strange.

I need to be able to control who can see who.

Thanks for any help, Nick


Re: configuring client to client access rules

Post by npreiser » Mon Oct 23, 2017 3:52 pm

A bit more info:
I did try to follow the how-to "Configuring client-specific rules and access policies", but that does not work as
expected, and my situation is different because I want to cross subnets with clients.
I am happy to configure my iptables/ufw rules as needed, but I can't get to the point where the firewall is even being acknowledged.

If anyone has a simple example of how to set up the server so that you have static DHCP addressing on clients, and can control their access
to other clients/subnets independently, or even by which subnet they are grouped into, that would be awesome.
Thanks,
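
Added example, not part of the thread: with client-to-client left disabled, traffic between VPN clients is handed to the server's kernel and passes through the iptables FORWARD chain, so one-way visibility can be expressed there with connection tracking. The sketch below only prints an iptables-restore ruleset; the interface name tun0, the chain name VPN_C2C and the allow list are assumptions, and the two addresses are the ccd values from the first post.

```shell
#!/bin/sh
# Added example (not from the thread). Emits iptables-restore rules that
# filter client-to-client traffic on the OpenVPN server.
# Assumptions: the VPN device is tun0, client-to-client stays disabled so
# inter-client packets traverse the kernel FORWARD chain, and IP forwarding
# is already enabled on the server.

VPN_IF="tun0"   # assumed interface name

# One "source destination" pair per line: the source may open connections
# to the destination. The reverse direction is NOT implied.
ALLOW_PAIRS="10.8.1.10 10.8.2.12"

gen_rules() {
    echo "*filter"
    echo ":VPN_C2C - [0:0]"
    # Only packets that both arrive and leave on the VPN device are inspected.
    echo "-A FORWARD -i $VPN_IF -o $VPN_IF -j VPN_C2C"
    # Replies to connections that an allowed source already opened.
    echo "-A VPN_C2C -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "$ALLOW_PAIRS" | while read -r src dst; do
        [ -n "$src" ] || continue
        echo "-A VPN_C2C -s $src -d $dst -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Any other client-to-client packet is dropped, including new
    # connections from 10.8.2.12 towards 10.8.1.10.
    echo "-A VPN_C2C -j DROP"
    echo "COMMIT"
}

# Print the ruleset for review. After review it can be loaded once with:
#   gen_rules | iptables-restore --noflush
gen_rules
```

Because the default-drop sits in its own chain, further pairs (or whole subnets in CIDR form) can be added to ALLOW_PAIRS without touching the rest of the FORWARD chain.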

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: configuring client to client access rules

Post by TinCanTech » Mon Oct 23, 2017 6:48 pm

What version of OpenVPN are you using?
