subnet limitation for client VPN

l.lucii · Post by **l.lucii** » Fri Oct 13, 2023 1:36 pm

Hello everyone
I have an OpenVPN server configured in Client-to-Client routing mode, I have the CCD folder with all the names of the client certificates inside and the remote networks of the clients combined.
Usually with this configuration each client can access the other client's network, how can I limit access from one client to only one other client? example :
Client A can access the network of clients B, C, D
Client E can ONLY access client B's network

Thank you

l.lucii · Post by **l.lucii** » Fri Oct 13, 2023 1:40 pm

CCD Configuration:

client-a 192.168.1.0 255.255.255.0
client-b 192.168.2.0 255.255.255.0
client-c 192.168.3.0 255.255.255.0
client-d 192.168.4.0 255.255.255.0
client-e 192.168.5.0 255.255.255.0

Post by **Pippin** » Fri Oct 13, 2023 1:48 pm

Hi,

On the server you need firewall rules on the tun interface/subnet in the forward chain using the client(s) tunnel IP.

If using --client-to-client in the server config, you need to remove it.

Example: https://backreference.org/2010/05/02/co ... n-openvpn/

Probably helpful diagram: https://community.openvpn.net/openvpn/w ... acketsFlow
.

OpenVPN Support Forum

subnet limitation for client VPN

subnet limitation for client VPN

Re: subnet limitation for client VPN

Re: subnet limitation for client VPN