Allow only one IP to see all clients

[vienfla]

Hi everyone!

I'm looking for the configuration to allow a client (me) to see all other machines, but machines can't see each other.
My server is on 10.8.0.1
my clients are on 10.8.0.2-255

I tried to make a "push route" like 192.4.0.1 and put my machine on anoter subnet, I can reach the server, but none else.

If I set the client-to-client option it works of course, but my clients can reach each other!

I think I'm not too far, can someone help me?

Thanks a lot
Have a good day!

###
port 1194
proto udp
dev tun
ca ca.crt
cert hdmediaservpn.crt
key hdmediaservpn.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
route 192.168.4.0 255.255.255.0
client-config-dir ccd/
push "route 192.168.4.0 255.255.255.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3


route :


Destination gw Genmask Indic Metric Ref Use Iface
10.8.0.2 * 255.255.255.255 UH 0 0 0 tun0
87.181.115.0 * 255.255.255.0 U 0 0 0 eth0
192.168.4.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
default 87.181.115.1 0.0.0.0 UG 0 0 0 eth0

[maikcat]

hi there,

if your pc belongs to one of the clients range ,
and you want your pc to see other clients but not the opposite
the only way to accomplish this is by enabling a firewall on your pc...

because i am a little bit confused,

your pc is one of the clients or it belongs inside your network?

michael.

[vienfla]

Hi maikcat!

The server is on a distant machine outside my network.

My pc is one of the clients, and I don't mind if they can see me, but I want to see them straight.

I just want to avoid all other clients to communicate between them. (they can only see the server and me).

Thanks for help!