On 09/22/2015 11:38 AM, Stefan Monnier wrote:
> How could I arrange that the local tun device doesn't get an IP address
> at all, so that clients can talk to each other via the VPN, but can't
> connect to the server via the VPN (only via the outside IP address
> instead)?

One simple way to prevent clients from connecting to the server's tun is
to firewall it off:

  iptables -I INPUT -i tun+ -j DROP

In plain English: drop any packet destined to the VPN server itself that
are entering via any tunX device.

HTH,
Simon

------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to