Hello everyone
I have an OpenVPN server configured in Client-to-Client routing mode. I have the CCD folder with all the names of the client certificates inside and the remote networks of the clients combined.
Usually with this configuration each client can access the other clients' networks. How can I limit access from one client to only one other client? Example:
Client A can access the network of clients B, C, D
Client E can ONLY access client B's network
Thank you
subnet limitation for client VPN
Moderators: TinCanTech
-
- OpenVpn Newbie
- Posts: 4
- Joined: Wed Jul 21, 2021 12:34 pm
subnet limitation for client VPN
Last edited by l.lucii on Fri Oct 13, 2023 1:42 pm, edited 1 time in total.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Wed Jul 21, 2021 12:34 pm
Re: subnet limitation for client VPN
CCD Configuration:
client-a 192.168.1.0 255.255.255.0
client-b 192.168.2.0 255.255.255.0
client-c 192.168.3.0 255.255.255.0
client-d 192.168.4.0 255.255.255.0
client-e 192.168.5.0 255.255.255.0
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: subnet limitation for client VPN
Hi,
On the server you need firewall rules on the tun interface/subnet in the forward chain using the client(s) tunnel IP.
If using --client-to-client in the server config, you need to remove it.
Example: https://backreference.org/2010/05/02/co ... n-openvpn/
Probably helpful diagram: https://community.openvpn.net/openvpn/w ... acketsFlow
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
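The forward-chain approach from the reply above, worked through for the policy in the question; this is an added example, not code from either poster or from the OpenVPN project. It prints the rules for review rather than applying them. Assumptions: the tun device is `tun0`, the 10.8.0.x tunnel addresses are constructed and pinned per client, `--client-to-client` has been removed, and IP forwarding is enabled on the server; the LAN subnets come from the CCD listing.

```shell
#!/bin/sh
# Added example: prints iptables rules for review; it does not apply them.
TUN_IF="tun0"   # assumption: name of the server's tun device

# name, tunnel IP (constructed; assumed pinned per client), LAN behind the client (from the CCD listing)
CLIENTS='client-a 10.8.0.11 192.168.1.0/24
client-b 10.8.0.12 192.168.2.0/24
client-c 10.8.0.13 192.168.3.0/24
client-d 10.8.0.14 192.168.4.0/24
client-e 10.8.0.15 192.168.5.0/24'

# Policy from the question: source client, then the clients whose networks it may reach
POLICY='client-a client-b client-c client-d
client-e client-b'

# lookup NAME -> prints "tunnel_ip lan_cidr", or nothing if NAME is unknown
lookup() {
  printf '%s\n' "$CLIENTS" | awk -v n="$1" '$1 == n { print $2, $3 }'
}

gen_rules() {
  base="iptables -A FORWARD -i $TUN_IF -o $TUN_IF"
  # Replies to permitted connections may flow back; new connections need an explicit rule.
  echo "$base -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  printf '%s\n' "$POLICY" | while read -r src dsts; do
    set -- $(lookup "$src")
    [ $# -eq 2 ] || { echo "unknown client: $src" >&2; continue; }
    s_tun=$1; s_lan=$2
    for d in $dsts; do
      set -- $(lookup "$d")
      [ $# -eq 2 ] || { echo "unknown client: $d" >&2; continue; }
      # Match both the client's own tunnel IP and hosts on the LAN routed behind it.
      for s in "$s_tun" "$s_lan"; do
        echo "$base -s $s -d $2 -j ACCEPT"
      done
    done
  done
  # Default for client-to-client traffic: anything not allowed above is dropped.
  echo "$base -j DROP"
}

gen_rules
```

Because every rule matches `-i tun0 -o tun0`, only traffic forwarded between VPN clients is affected; traffic between clients and the server's own LAN is left to whatever other rules exist.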