tap interface server issue with client-to-client
Posted: Sun Sep 03, 2023 12:09 pm
Hi,
I'm using:
Debian 12
OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
library versions: OpenSSL 3.0.9 30 May 2023, LZO 2.10
I've set up an OpenVPN config with dev tap, working correctly for the most part, see below.
When I've disabled client-to-client everything seems to work as expected, the clients can only see the server.
When I've enabled client-to-client and I connect 1 client to the server, then the server is pingable. As soon as another client connects to the server, the connection from all clients to the server gets sort of broken. The ping from the first client stops and no client can access the server anymore, while the clients can still see each other.
My iptables chains are empty and all on policy ACCEPT.
Since I don't know how to address the issue with client-to-client enabled, is there some sort of iptables rule I can add to get everything to access each other?
Also, with tun everything works fine; it's just the tap interface, and I need a level 2 device instead of a ptp tunnel.
Has anyone got any ideas on the subject?
Thanks in advance
Bram