I have an OpenVPN server running in TAP mode on a Linux server where tap0 is bridged with eth0 (the server's LAN interface) into br0.
Two client sites connect and results in one big LAN in the same /16 subnet. 192.168.0.0/16 is used on the LAN on the server's side of the bridge. 192.168.10.0/16 is used at client A's side of the bridge. 192.168.20.0/16 is used at client B's side of the bridge. Each site as a router on .254 following the above convention that handles DHCP and general Internet access. OpenVPN at each site is hosted on systems separate from those routers. I have full access over the Linux server. I have iptables and ebtables and all other facilities at my disposal. Right now cient-to-client is enabled on the server and allows all nodes on a given client to communite with those on another, as well as to the server. We require a bridging setup like this for our rather specific needs that cannot be accomplished with a TUN based setup. What I would like to do is turn off client-to-client and do it manually so that packets from one client to another actually go through the kernel so they are subject to iptables and ebtables; with client-to-client enabled, such packages bypass the kernel as they are routed internally by OpenVPN. I want to be able to some occasional filtering when it is needed (mainly for anything that needs to be isolated to it's respective site and not cross the bridge. What I can't quite figure out is how to do this exactly. I have conducted a lot of searching of both all of openvpn.net as well as various general search engine queries to no avail. Thanks for any help. -- BM ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users