I am having difficulty configuring the following system:
server 10.8.0.1, topology subnet,
client A - 10.8.1.10 ccd = ifconfig-push 10.8.1.10 255.255.255.0
client B - 10.8.2.12 ccd = ifconfig-push 10.8.2.12 255.255.255.0
client-to-client option is commented out (disabled).
My goal is to be able to have client A see client B machine,
but NOt have client B see clients A machine.
with the above config, the clients are connecting , but not able to ping the server. because
they are on different subnets.
If I change the clients ccd, to a mask of 255.255.0.0, then everyone can see everyone,
That is without any iptables/ufw changes...which I find strange.
I need to be able to control who can see who.
thanks for any help, Nick,
configuring client to client access rules
-
- OpenVpn Newbie
- Posts: 3
- Joined: Sat Oct 21, 2017 12:04 am
-
- OpenVpn Newbie
- Posts: 3
- Joined: Sat Oct 21, 2017 12:04 am
Re: configuring client to client access rules
a bit more info:
I did try to follow the how to---" Configuring client-specific rules and access policies" but that does not work as
it expected, and my situation is different because I want to cross subnets, with clients.
I am happy to configure my ipables/ufw rules as needed, but I can't get to the point where the firewall is even being acknowledged.
If anyone has a simple example of how to setup the server so that you have static dhcp addressing on clients, and can control there access
to other clients, / subnets independently., or even by which subnet they are in grouped into, that would be awesome.
thanks ,
I did try to follow the how to---" Configuring client-specific rules and access policies" but that does not work as
it expected, and my situation is different because I want to cross subnets, with clients.
I am happy to configure my ipables/ufw rules as needed, but I can't get to the point where the firewall is even being acknowledged.
If anyone has a simple example of how to setup the server so that you have static dhcp addressing on clients, and can control there access
to other clients, / subnets independently., or even by which subnet they are in grouped into, that would be awesome.
thanks ,
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: configuring client to client access rules
What version of openvpn are you using ?