
iptables and client-to-client

Posted: Wed Dec 16, 2020 9:44 am
by fanfan_2a
Hi!

My server is configured with the client-to-client parameter, and my clients have different networks (10.1.1.0/24 to 10.1.5.0/24). Traffic between sites works very well, but I would like to block traffic from one site (10.1.5.0/24).

I've tried:

iptables -A FORWARD -i tun0 -s 10.1.5.0/24 -d 10.1.0.0/16 -j DROP
but it doesn't work. Can I do this restriction with iptables?

Or do I have to disable client-to-client and set up the connections between sites manually with iptables?

Thanks

Re: iptables and client-to-client

Posted: Wed Dec 16, 2020 12:59 pm
by Pippin
Firewall is basically off topic, but the tip is: do not use client-to-client.
Maybe helpful:
https://community.openvpn.net/openvpn/w ... acketsFlow

Re: iptables and client-to-client

Posted: Wed Dec 16, 2020 4:30 pm
by TinCanTech
--client-to-client allows the openvpn server to route between clients without passing through the kernel.

If you need to add firewall rules to filter specific traffic between clients then you must not use --client-to-client.

Client to server is not affected by --client-to-client.

Firewall rules are much more complicated.
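What the kernel-firewall approach described above looks like in practice, as an added example that is not from this thread or from the OpenVPN project. It assumes the tunnel interface is tun0, the site subnets are the ones in the question (10.1.1.0/24 to 10.1.5.0/24, covered by 10.1.0.0/16), and the server already has the route/iroute entries that made site-to-site traffic work. Once client-to-client is off, a packet from one client to another leaves the openvpn process, is routed by the kernel and re-enters the tunnel, so it traverses FORWARD with both -i and -o set to tun0; that is why the original single-direction rule never matched. The script prints the rules for review and only applies them when given --apply:

```shell
#!/bin/sh
# Added example: filter traffic between OpenVPN client sites with iptables
# after disabling --client-to-client. Interface and subnets are assumptions
# taken from the thread, not values from any real deployment.
TUN_IF="tun0"
VPN_SUPERNET="10.1.0.0/16"   # covers all client sites 10.1.1.0/24 .. 10.1.5.0/24
BLOCKED_SITE="10.1.5.0/24"   # the site that must not initiate traffic to the others

# The server.conf change: with client-to-client enabled the openvpn daemon
# switches packets between clients internally and the kernel never sees them.
server_conf_note() {
    printf '%s\n' \
        "# server.conf: comment out or remove this line, then restart openvpn" \
        ";client-to-client"
}

# Emit the iptables commands as text so they can be reviewed before use.
# Rule order matters: replies to connections the other sites opened are
# accepted first, new connections from the blocked site are logged and
# dropped, and everything else between sites is allowed.
build_rules() {
    cat <<EOF
iptables -A FORWARD -i $TUN_IF -o $TUN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $TUN_IF -o $TUN_IF -s $BLOCKED_SITE -d $VPN_SUPERNET -j LOG --log-prefix "vpn-site-blocked: "
iptables -A FORWARD -i $TUN_IF -o $TUN_IF -s $BLOCKED_SITE -d $VPN_SUPERNET -j DROP
iptables -A FORWARD -i $TUN_IF -o $TUN_IF -s $VPN_SUPERNET -d $VPN_SUPERNET -j ACCEPT
EOF
}

# Number of iptables rules the script would add (handy for a quick sanity check).
rule_count() {
    build_rules | grep -c '^iptables'
}

case "${1:-}" in
    --apply)
        # Needs root. Kernel forwarding must be on for tun0->tun0 traffic.
        sysctl -w net.ipv4.ip_forward=1
        build_rules | sh
        ;;
    *)
        server_conf_note
        echo
        build_rules
        ;;
esac
```

Run it without arguments to see the configuration change and the rules; run it with --apply as root on the VPN server to apply them. The LOG rule is there so dropped attempts show up in the kernel log for review, and the ESTABLISHED,RELATED rule keeps the filter to new connections from the blocked site rather than breaking replies to sessions the other sites opened.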

Re: iptables and client-to-client

Posted: Wed Dec 16, 2020 11:09 pm
by fanfan_2a
OK, thanks for the replies, I'm gonna work on it.