restricting access for openvpn client and its subnets

Posted: Tue Feb 09, 2016 10:06 pm
by ginga
Hi,

I have a fixed IP client with the following ccd config:

ifconfig-push 10.8.0.6 10.8.0.7
iroute 10.10.10.0 255.255.255.0

Now I want other VPN clients to freely access 10.8.0.6 and its subnet 10.10.10.0.
The 10.8.0.6 client and any underlying subnet must not be able to initiate new connections to VPN clients.
To achieve this I can configure iptables with something like the following:

iptables -A INPUT -s 10.8.0.6 -m state --state NEW -j DROP
iptables -A FORWARD -s 10.8.0.6 -m state --state NEW -j DROP
iptables -A INPUT -s  10.10.10.0/24 -m state --state NEW -j DROP
iptables -A FORWARD -s  10.10.10.0/24 -m state --state NEW -j DROP

I am not in control of 10.8.0.6. What will happen if the client links to a new subnet, e.g. 11.11.11.0, and adds a few routing lines to see the VPN network?
Is there a way to drop all new packets that travel from/via 10.8.0.6?

Thanks!

Cheers,
Gin
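An added example (editor's, not ginga's and not from the OpenVPN project): the deny list above has to be extended every time 10.8.0.6 announces a new prefix. The script below turns the rule around and allow-lists instead: every packet arriving on the server's tun interface, whether destined for the server (INPUT) or forwarded to another client or subnet (FORWARD), goes through one chain that accepts replies to existing connections and NEW connections only from explicitly trusted client addresses, and drops every other NEW connection. A prefix such as 11.11.11.0/24 that shows up later from the 10.8.0.6 side is therefore covered without any rule change. The interface name tun0, the pool 10.8.0.0/24 and the trusted client addresses are assumptions for the example; OpenVPN's server mode additionally drops packets whose source address is neither the client's pushed address nor one of its iroute networks (logged as "MULTI: bad source address from client"), so the iptables layer is a second line of defence, not the only one.

```shell
#!/bin/sh
# Added example, not part of the original post. Allow-list model for
# connections originating on the OpenVPN tunnel side.
set -eu

TUN_IF="${TUN_IF:-tun0}"                 # assumed OpenVPN server interface
TRUSTED_CLIENTS="${TRUSTED_CLIENTS:-10.8.0.10 10.8.0.14}"  # constructed: clients allowed to open connections
IPT="${IPT:-iptables}"                   # set IPT=echo to print the rules instead of applying them

# Emit (or apply) the rule set. Everything arriving on $TUN_IF is sent through
# the VPN_NEW chain; only the listed sources may open NEW connections, so a
# client that later routes extra prefixes (e.g. 11.11.11.0/24) through the
# tunnel still cannot initiate anything towards the VPN or the server.
build_rules() {
    $IPT -N VPN_NEW 2>/dev/null || $IPT -F VPN_NEW
    # replies to connections opened from the trusted side keep flowing
    $IPT -A VPN_NEW -m state --state ESTABLISHED,RELATED -j ACCEPT
    # explicitly trusted clients may open new connections
    for c in $TRUSTED_CLIENTS; do
        $IPT -A VPN_NEW -s "$c" -m state --state NEW -j ACCEPT
    done
    # everyone else on the tunnel side (10.8.0.6, 10.10.10.0/24, any future prefix) may not
    $IPT -A VPN_NEW -m state --state NEW -j DROP
    # hook the chain for traffic to the server itself and for traffic it forwards
    $IPT -A INPUT   -i "$TUN_IF" -j VPN_NEW
    $IPT -A FORWARD -i "$TUN_IF" -j VPN_NEW
}

# Only touch the firewall when explicitly asked to.
case "${1:-}" in
    apply) build_rules ;;
esac
```

Preview the generated rules with `IPT=echo sh vpn-allowlist.sh apply` before running it as root with a real iptables. Note that the chain matches on the ingress interface rather than on source prefixes, which is what makes it immune to prefixes you do not know about yet.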