On 09/22/2015 11:38 AM, Stefan Monnier wrote: > How could I arrange that the local tun device doesn't get an IP address > at all, so that clients can talk to each other via the VPN, but can't > connect to the server via the VPN (only via the outside IP address > instead)?
One simple way to prevent clients from connecting to the server's tun is to firewall it off: iptables -I INPUT -i tun+ -j DROP In plain English: drop any packet destined to the VPN server itself that are entering via any tunX device. HTH, Simon ------------------------------------------------------------------------------ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users