Hi, On Tue, Sep 22, 2015 at 11:38:43AM -0400, Stefan Monnier wrote: > My typical OpenVPN configuration uses a TUN device with a subnet > topology with an IP range of AA.BB.CC.NN and a netmask of 255.255.255.0, > and in that configuration the server gets a local end point address of > AA.BB.CC.1. > > How could I arrange that the local tun device doesn't get an IP address > at all, so that clients can talk to each other via the VPN, but can't > connect to the server via the VPN (only via the outside IP address > instead)?
You can't, OpenVPN needs a tun IP address on the server side to set up routing. But you can, of course, just install local firewall rules on the server to reject all connection attempts to the .1 address. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgprmUNvaP1fG.pgp
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users