Hi,

On Wed, Jun 14, 2017 at 02:50:28PM +0800, Antonio Quartulli wrote:
> Same I said would apply to packets coming in: when going from OpenVPN to tun0
> they would not be subject to routing/iptables.

Huh? Of course everything OpenVPN sends towards the host is seen as "INPUT on tun0" by the firewalls, and by the routing.

> Basically the idea is that OpenVPN and the tun0 interface are directly attached,
> so I/O between the two is direct.

While they are directly attached, there is full blast iptables inbound and outbound on the tun0 side.

So it's actually *better* to imagine "the OpenVPN server" to be a black box connected to a second network card of the "Linux server", named "tun0" (and that actually explains routing/filtering/iroute-vs-route quite well).

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
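The "second network card" picture from the message above, written as a filter table for `iptables-restore`. This is an added example, not part of the original thread. The VPN subnet 10.8.0.0/24, the LAN interface eth0, the host 192.168.1.10 and the ports are constructed assumptions; only tun0 comes from the message.

```iptables
# Constructed ruleset: subnet, eth0, 192.168.1.10 and ports are assumptions.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

# Packets OpenVPN hands to the host arrive as input on tun0.
# Destination is the server itself: they traverse INPUT.
-A INPUT -i tun0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i tun0 -s 10.8.0.0/24 -p tcp --dport 22 -j ACCEPT
-A INPUT -i tun0 -j LOG --log-prefix "tun0-in-drop: "
-A INPUT -i tun0 -j DROP

# Destination is behind the server: they are routed, then traverse FORWARD.
-A FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -d 192.168.1.10/32 -p tcp --dport 443 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i tun0 -j LOG --log-prefix "tun0-fwd-drop: "
-A FORWARD -i tun0 -j DROP

# Host-originated traffic towards VPN clients leaves via OUTPUT on tun0.
-A OUTPUT -o tun0 -m conntrack --ctstate NEW -j LOG --log-prefix "tun0-out-new: "
COMMIT
```

After loading, the per-rule packet counters in `iptables -L -v -n` and the logged prefixes show which chain a given VPN client's traffic actually hit.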