I have an OpenVPN server running in TAP mode on a Linux server where 
tap0 is bridged with eth0 (the server's LAN interface) into br0.

Two client sites connect, resulting in one big LAN in the same /16 subnet.

192.168.0.0/16 is used on the LAN on the server's side of the bridge.
192.168.10.0/16 is used at client A's side of the bridge.
192.168.20.0/16 is used at client B's side of the bridge.

Each site has a router on .254 following the above convention that 
handles DHCP and general Internet access.
OpenVPN at each site is hosted on systems separate from those routers.

I have full access over the Linux server. I have iptables and ebtables 
and all other facilities at my disposal.

Right now client-to-client is enabled on the server and allows all nodes 
on a given client to communicate with those on another, as well as to the 
server. We require a bridging setup like this for our rather specific 
needs that cannot be accomplished with a TUN based setup.

What I would like to do is turn off client-to-client and do it manually 
so that packets from one client to another actually go through the 
kernel so they are subject to iptables and ebtables; with 
client-to-client enabled, such packages bypass the kernel as they are 
routed internally by OpenVPN. I want to be able to do some occasional 
filtering when it is needed (mainly for anything that needs to be 
isolated to its respective site and not cross the bridge).

What I can't quite figure out is how to do this exactly. I have 
conducted a lot of searching of both all of openvpn.net as well as 
various general search engine queries to no avail.

Thanks for any help.

-- 
BM

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users