
subnet limitation for client VPN

Posted: Fri Oct 13, 2023 1:36 pm
by l.lucii
Hello everyone,
I have an OpenVPN server configured in client-to-client routing mode. I have the CCD folder with a file for each client certificate name inside, and the clients' remote networks combined.
Usually with this configuration each client can access the other clients' networks. How can I limit access from one client to only one other client? Example:
Client A can access the network of clients B, C, D
Client E can ONLY access client B's network

Thank you

Re: subnet limitation for client VPN

Posted: Fri Oct 13, 2023 1:40 pm
by l.lucii
CCD Configuration:

client-a 192.168.1.0 255.255.255.0
client-b 192.168.2.0 255.255.255.0
client-c 192.168.3.0 255.255.255.0
client-d 192.168.4.0 255.255.255.0
client-e 192.168.5.0 255.255.255.0

Re: subnet limitation for client VPN

Posted: Fri Oct 13, 2023 1:48 pm
by Pippin
Hi,

On the server you need firewall rules on the tun interface/subnet in the FORWARD chain, using the client(s)' tunnel IP.

If using --client-to-client in the server config, you need to remove it.

Example: https://backreference.org/2010/05/02/co ... n-openvpn/

Probably helpful diagram: https://community.openvpn.net/openvpn/w ... acketsFlow
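The following is an added example, not code from either poster, showing how the advice in the reply above can be turned into concrete server-side configuration for the policy in the first post (client-a may reach b, c, d; client-e may reach only b). It assumes a tunnel subnet of 10.8.0.0/24 with "topology subnet", the interface name tun0, tunnel addresses pinned per client with ifconfig-push (the firewall rules need a stable address to match on), the route/iroute pairs the thread's CCD listing implies, and that "client-to-client" has been removed from the server config so that traffic between clients passes through the kernel FORWARD chain instead of being switched inside the OpenVPN process. The tunnel IPs and the policy table are constructed for the example. The script prints the CCD file bodies, the server "route" lines and the iptables commands rather than applying them, so it can be reviewed before use.

```shell
#!/bin/sh
# Added example (not from the original thread): generate the server-side
# pieces for a per-client access policy on an OpenVPN routed (tun) server.
# Assumptions: "topology subnet", tunnel 10.8.0.0/24 on tun0, and
# "client-to-client" removed from the server config so that traffic between
# clients traverses the kernel FORWARD chain.
set -eu

TUN_IF=tun0
TUN_MASK=255.255.255.0

# Policy table (constructed for this example). Tunnel IPs are assumed.
# name  tunnel-ip  lan-network  lan-mask  peers-it-may-reach (comma list or -)
policy() {
cat <<'EOF'
client-a 10.8.0.11 192.168.1.0 255.255.255.0 client-b,client-c,client-d
client-b 10.8.0.12 192.168.2.0 255.255.255.0 -
client-c 10.8.0.13 192.168.3.0 255.255.255.0 -
client-d 10.8.0.14 192.168.4.0 255.255.255.0 -
client-e 10.8.0.15 192.168.5.0 255.255.255.0 client-b
EOF
}

# Field $2 of the policy row for client $1.
field() { policy | awk -v n="$1" -v f="$2" '$1 == n { print $f }'; }

# Body of the CCD file for one client: a fixed tunnel address plus the
# iroute for its LAN. Written to <ccd-dir>/<common-name>; the file name must
# match the certificate CN exactly.
ccd_file() {
    printf 'ifconfig-push %s %s\n' "$(field "$1" 2)" "$TUN_MASK"
    printf 'iroute %s %s\n' "$(field "$1" 3)" "$(field "$1" 4)"
}

# Every iroute needs a matching "route" in the server config so the kernel
# sends the LAN's traffic into the tunnel in the first place.
server_routes() {
    policy | awk '{ print "route " $3 " " $4 }'
}

# ACCEPT rules for one allowed pair src -> dst. Packets from behind a client
# may carry the client's tunnel IP (if it NATs) or an address from its
# iroute'd LAN, so both are matched as source and as destination.
pair_rules() {
    s_tun=$(field "$1" 2); s_lan="$(field "$1" 3)/$(field "$1" 4)"
    d_tun=$(field "$2" 2); d_lan="$(field "$2" 3)/$(field "$2" 4)"
    for s in "$s_tun" "$s_lan"; do
        for d in "$d_tun" "$d_lan"; do
            printf 'iptables -A FORWARD -i %s -o %s -s %s -d %s -j ACCEPT\n' \
                "$TUN_IF" "$TUN_IF" "$s" "$d"
        done
    done
}

# Full FORWARD-chain rule set for tun0 -> tun0 traffic, default deny.
forward_rules() {
    # Replies to allowed flows are admitted by conntrack, so the reverse
    # direction does not need its own ACCEPT rules.
    printf 'iptables -A FORWARD -i %s -o %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' \
        "$TUN_IF" "$TUN_IF"
    policy | while read -r name _tun _net _mask peers; do
        if [ "$peers" = "-" ]; then continue; fi
        for peer in $(printf '%s' "$peers" | tr ',' ' '); do
            pair_rules "$name" "$peer"
        done
    done
    # Anything else between tunnel clients is dropped.
    printf 'iptables -A FORWARD -i %s -o %s -j DROP\n' "$TUN_IF" "$TUN_IF"
}

# Number of ACCEPT rules whose source is client $1's tunnel IP
# (two per allowed peer: one for the peer's tunnel IP, one for its LAN).
accept_count_from() {
    forward_rules | grep -c -- "-s $(field "$1" 2) " || true
}

# Usage: print everything for review, e.g.
#   ./policy.sh            (this script name is assumed)
# then copy the CCD bodies, routes and rules into place.
for c in client-a client-b client-c client-d client-e; do
    echo "# ccd/$c"; ccd_file "$c"
done
echo "# server.conf additions"; server_routes
echo "# firewall"; forward_rules
```

Order matters in the FORWARD chain: the ESTABLISHED,RELATED rule comes first, the per-pair ACCEPTs next, and the tun0-to-tun0 DROP last, so a client that is not listed as a peer (client-e towards client-c, for instance) is blocked even though both are connected to the same server. Because the rules key on addresses, clients must not be able to choose their own tunnel address; pinning each one with ifconfig-push in its CCD file is what makes the tunnel IP trustworthy enough to filter on.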