Please see: https://forums.openvpn.net/topic17673.html#p47330
----- Original Message -----
From: "blz" <blz.mar...@gmail.com>
To: <openvpn-users@lists.sourceforge.net>
Sent: Sunday, December 07, 2014 6:52 AM
Subject: [Openvpn-users] [TAP/Bridge] How to manually replicate client-to-client?

> I have an OpenVPN server running in TAP mode on a Linux server where
> tap0 is bridged with eth0 (the server's LAN interface) into br0.
>
> Two client sites connect and result in one big LAN in the same /16
> subnet.
>
> 192.168.0.0/16 is used on the LAN on the server's side of the bridge.
> 192.168.10.0/16 is used at client A's side of the bridge.
> 192.168.20.0/16 is used at client B's side of the bridge.
>
> Each site has a router on .254 following the above convention that
> handles DHCP and general Internet access.
> OpenVPN at each site is hosted on systems separate from those routers.
>
> I have full access over the Linux server. I have iptables and ebtables
> and all other facilities at my disposal.
>
> Right now client-to-client is enabled on the server and allows all nodes
> on a given client to communicate with those on another, as well as to the
> server. We require a bridging setup like this for our rather specific
> needs that cannot be accomplished with a TUN based setup.
>
> What I would like to do is turn off client-to-client and do it manually
> so that packets from one client to another actually go through the
> kernel so they are subject to iptables and ebtables; with
> client-to-client enabled, such packages bypass the kernel as they are
> routed internally by OpenVPN. I want to be able to do some occasional
> filtering when it is needed (mainly for anything that needs to be
> isolated to its respective site and not cross the bridge).
>
> What I can't quite figure out is how to do this exactly. I have
> conducted a lot of searching of both all of openvpn.net as well as
> various general search engine queries to no avail.
>
> Thanks for any help.
>
> --
> BM
>
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users