Thanks, that is one way to do it, although I'm still quite curious if and how it could be accomplished using just one server instance using available networking related facilities in Linux (I am genuinely curious.)

Thanks.

--
BM

On 12/7/2014 4:52 AM, debbie...@gmail.com wrote:
> Please see:
> https://forums.openvpn.net/topic17673.html#p47330
>
> ----- Original Message -----
> From: "blz" <blz.mar...@gmail.com>
> To: <openvpn-users@lists.sourceforge.net>
> Sent: Sunday, December 07, 2014 6:52 AM
> Subject: [Openvpn-users] [TAP/Bridge] How to manually replicate client-to-client?
>
>> I have an OpenVPN server running in TAP mode on a Linux server where
>> tap0 is bridged with eth0 (the server's LAN interface) into br0.
>>
>> Two client sites connect and result in one big LAN in the same /16
>> subnet.
>>
>> 192.168.0.0/16 is used on the LAN on the server's side of the bridge.
>> 192.168.10.0/16 is used at client A's side of the bridge.
>> 192.168.20.0/16 is used at client B's side of the bridge.
>>
>> Each site has a router on .254 following the above convention that
>> handles DHCP and general Internet access.
>> OpenVPN at each site is hosted on systems separate from those routers.
>>
>> I have full access over the Linux server. I have iptables and ebtables
>> and all other facilities at my disposal.
>>
>> Right now client-to-client is enabled on the server and allows all nodes
>> on a given client to communicate with those on another, as well as to the
>> server. We require a bridging setup like this for our rather specific
>> needs that cannot be accomplished with a TUN based setup.
>>
>> What I would like to do is turn off client-to-client and do it manually
>> so that packets from one client to another actually go through the
>> kernel so they are subject to iptables and ebtables; with
>> client-to-client enabled, such packages bypass the kernel as they are
>> routed internally by OpenVPN. I want to be able to do some occasional
>> filtering when it is needed (mainly for anything that needs to be
>> isolated to its respective site and not cross the bridge).
>>
>> What I can't quite figure out is how to do this exactly. I have
>> conducted a lot of searching of both all of openvpn.net as well as
>> various general search engine queries to no avail.
>>
>> Thanks for any help.
>>
>> --
>> BM
>>
>> _______________________________________________
>> Openvpn-users mailing list
>> Openvpn-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/openvpn-users