Restrict Client from accessing other clients
Posted: Wed Jan 30, 2013 6:42 pm
by blaztoff
I have OpenVPN installed on a server in my DMZ. I want to be able to access this client from other clients but I do not want this client to be able to access any of my other clients. Currently I can access any other OpenVPN client that is active. How can I restrict this client?
Re: Restrict Client from accessing other clients
Posted: Thu Jan 31, 2013 6:57 am
by maikcat
hi there,
yes it is possible...
better thank janjust for this...
* do NOT use 'client-to-client'
* use iptables to filter out unwanted traffic
* to allow all traffic between clients
- make sure ip_forwarding is enabled
- add iptables rules similar to
Code:
iptables -I FORWARD -i tun+ -j ACCEPT
iptables -I FORWARD -o tun+ -j ACCEPT
To allow only a single client IP, use something like
Code:
iptables -I FORWARD -i tun+ -s 10.8.0.26/32 -j ACCEPT
iptables -I FORWARD -o tun+ -j ACCEPT
Michael.
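As an added example, not code from this thread: a script that applies the method above ('client-to-client' left off, filtering in the kernel FORWARD chain) to the original poster's DMZ case, so that other clients can reach the DMZ client but the DMZ client cannot open connections to them. It assumes the VPN interface matches tun+, uses 10.8.0.26 as a placeholder for the DMZ client's address, and relies on conntrack so the DMZ client can still answer connections that other clients open to it.

```shell
#!/bin/sh
# Added example: with 'client-to-client' disabled, traffic between OpenVPN
# clients enters and leaves the server on tun+, so the FORWARD chain sees it
# with -i tun+ -o tun+ and can police it. Placeholder address below.
set -eu

DMZ_CLIENT="${DMZ_CLIENT:-10.8.0.26}"   # placeholder: VPN address of the DMZ client
CHAIN=OVPN_C2C                          # dedicated chain for tun-to-tun traffic

# Run iptables; setting IPTABLES=echo turns this into a dry run that prints rules.
ipt() { "${IPTABLES:-iptables}" "$@"; }

# Build the inter-client policy in its own chain (idempotent: flush if it exists).
build_c2c_chain() {
    ipt -N "$CHAIN" 2>/dev/null || ipt -F "$CHAIN"
    # Replies to connections that other clients opened towards the DMZ client.
    ipt -A "$CHAIN" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # The DMZ client may not initiate anything towards other clients.
    ipt -A "$CHAIN" -s "$DMZ_CLIENT" -j DROP
    # Every other client may talk to every client, including the DMZ one.
    ipt -A "$CHAIN" -j ACCEPT
}

# Send only tun-to-tun traffic through the chain (drop a stale hook first so
# re-running the script does not stack duplicate jumps in FORWARD).
hook_forward_chain() {
    ipt -D FORWARD -i tun+ -o tun+ -j "$CHAIN" 2>/dev/null || true
    ipt -I FORWARD 1 -i tun+ -o tun+ -j "$CHAIN"
}

case "${1:-}" in
    apply)
        sysctl -w net.ipv4.ip_forward=1   # forwarding is required once client-to-client is off
        build_c2c_chain
        hook_forward_chain
        ;;
    show)
        IPTABLES=echo
        build_c2c_chain
        hook_forward_chain
        ;;
esac
```

Run `sh script.sh show` to print the rules it would install and `sh script.sh apply` as root to install them; other traffic through FORWARD (client to LAN, for example) is untouched because the chain is only entered for tun-to-tun packets.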