Force disable redirect gateway

Posted: Sat Sep 21, 2019 1:05 am
by utkarsh
Hi, I want to set up an OpenVPN server where clients cannot use it to redirect their traffic, but can only connect to other LANs in the network.

From my understanding, removing push redirect-gateway from the server.conf file should stop traffic from being shaped/redirected by default, but clients can still redirect their traffic and override the server settings by modifying the client ovpn file. Is it possible to restrict the client to only ping/connect to other network devices while not redirecting its traffic?

Currently, all traffic is shaped through the ovpn server and it's throttling the server's bandwidth. I tried removing push redirect-gateway def1 from the server config file, after which the client is not able to connect to the internet.

Re: Force disable redirect gateway

Posted: Sat Sep 21, 2019 11:59 am
by Pippin
utkarsh wrote:
they can still redirect its traffic and override server settings by modifying client ovpn file.

Server-side firewall rules in the FORWARD chain on the tun interface, allowing access to the LAN-side subnet(s) only.

Re: Force disable redirect gateway

Posted: Fri Sep 27, 2019 6:59 am
by utkarsh
Thanks for the response. Since this is the first time I am trying to set up a VPN, are there any walk-throughs/references/guides for setting up these rules? What we need is access to only a single Linux (Ubuntu) server out of the few machines in that network, which lies in the same network as the VPN machine.

Re: Force disable redirect gateway

Posted: Fri Sep 27, 2019 7:45 am
by tomty89
utkarsh wrote:
I tried removing push redirect gateway def1 from server config file, after which client is not able to connect to internet

I think you want to figure out why this happens first.
Other than this, it's really about firewalling on the server. Something like this should do:

# new connections from the VPN tunnel may only go to the allowed host/network on the LAN
iptables -A FORWARD -i tun -o eth -d host_or_network -m conntrack --ctstate NEW -j ACCEPT
# reply traffic for connections already accepted above
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# everything else coming in from the tunnel (internet, other LAN hosts) is dropped
iptables -A FORWARD -i tun -j DROP
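
An added example, not code from the thread: a small audit script that reads `iptables -S FORWARD` output and checks that the narrow rule set above is really in effect, so a client that adds redirect-gateway to its own .ovpn still reaches nothing but the one allowed LAN host. Interface names and the 192.168.1.10 address are assumptions, and the two sample chains are constructed.

```sh
# Added example, not from the thread: audits `iptables -S FORWARD` output to confirm the
# narrow rule set tomty89 gave is really in effect. Every ACCEPT that can match traffic
# from the tunnel must be ESTABLISHED/RELATED-only or pinned to the one allowed LAN host,
# and a catch-all DROP (or DROP policy) must close the chain. Interface names and the
# 192.168.1.10 address are assumptions; the sample chains are constructed.
# forward_audit TUN_IF ALLOWED_HOST   (ALLOWED_HOST in iptables -S form, e.g. 10.0.0.5/32)
# Reads the chain on stdin; returns 0 if the policy is as narrow as intended, else 1.
forward_audit() {
  awk -v tun="$1" -v allowed="$2" '
    # Can this rule match packets arriving on the tunnel? (-i absent, exact, or prefix+)
    function hits_tun(   i, v) {
      for (i = 1; i < NF; i++) if ($i == "-i") {
        v = $(i + 1)
        if (v == tun) return 1
        return (sub(/\+$/, "", v) && index(tun, v) == 1)
      }
      return 1
    }
    function has(opt, val,   i) {
      for (i = 1; i < NF; i++) if ($i == opt && $(i + 1) == val) return 1
      return 0
    }
    /^-P FORWARD DROP/ { drop = 1 }
    /^-A FORWARD / && hits_tun() {
      if (/-j ACCEPT$/) {
        # ESTABLISHED/RELATED-only rules are safe: they need an accepted NEW first
        if (has("--ctstate", "RELATED,ESTABLISHED") || has("--ctstate", "ESTABLISHED,RELATED")) next
        if (!has("-d", allowed)) bad++        # any other ACCEPT reachable from the tunnel
      } else if (/-j DROP$/ && !/ -d /) drop = 1
    }
    END { exit ((bad == 0 && drop) ? 0 : 1) }'
}
# Constructed sample: the chain after the three rules from the thread (tunnel tun0, LAN eth0).
GOOD_CHAIN='-P FORWARD ACCEPT
-A FORWARD -d 192.168.1.10/32 -i tun0 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -j DROP'
# Constructed sample: a leftover allow-all rule from a generic OpenVPN howto sits in front
# of the DROP, so clients can still reach the whole LAN and beyond.
BAD_CHAIN='-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -j DROP'
# Run with AUDIT_LIVE=1 (as root) to check the running firewall instead of the samples.
if [ "${AUDIT_LIVE:-0}" = 1 ]; then
  iptables -S FORWARD | forward_audit "${TUN_IF:-tun0}" "${ALLOWED_HOST:-192.168.1.10/32}"
else
  printf '%s\n' "$GOOD_CHAIN" | forward_audit tun0 192.168.1.10/32 && echo "good chain: OK"
  printf '%s\n' "$BAD_CHAIN" | forward_audit tun0 192.168.1.10/32 || echo "bad chain: too permissive"
fi
```

The check is deliberately conservative: any ACCEPT that the tunnel can hit and that is not pinned to the allowed host is flagged regardless of where it sits in the chain.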

Re: Force disable redirect gateway

Posted: Wed Nov 06, 2019 8:54 am
by mistermaster
tomty89 wrote:
Fri Sep 27, 2019 7:45 am

iptables -A FORWARD -i tun -o eth -d host_or_network -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i tun -j DROP
I have tried these 3 lines of code and it works!
Now I have access only to the clients that I want.
Thanks.