On Sun, 2 May 2021 19:17:26 +0200, Gert Doering <g...@greenie.muc.de> wrote:
>Now, for "client A talks to client B", there's a catch - if you put
>"client-to-client" into the openvpn server config, OpenVPN will forward
>the packets directly, bypassing tun0 firewalls. Without client-to-client,
>packets go to tun0, get firewalled, come back (or not).

Related question:
I am looking to use an OpenVPN server to facilitate communications between two
connected devices via the VPN tunnel.
I will create a new server instance on a separate port for this.
So I will definitely use client-to-client for this.

But I don't want any other traffic to go through the VPN, so how should I set
the server conf file to accomplish that?

I have this in the new instance conf file now (copy of the existing file with
edits done). But I am unsure what I *really* need:

port 1197
multihome
dev tun
proto udp
(cryptography file locations)
key-direction 0
topology subnet
server 10.8.113.0 255.255.255.0 'nopool'
ifconfig-pool 10.8.113.2 10.8.113.127 255.255.255.0
ifconfig-pool-persist ippagi.txt
client-config-dir /etc/openvpn/ccdagi #Used to handle special configs
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.113.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.113.0 255.255.255.0"
client-to-client #Allow VPN clients to talk to each other
duplicate-cn #Can connect several tunnels using the same credentials
keepalive 10 120
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
max-clients 20
status /etc/openvpn/log/ovpnagi-status.log 20
log-append /etc/openvpn/log/ovpnagi.log
verb 3
explicit-exit-notify 1

So I don't want the tunnel clients to be routed out onto the server side LAN nor
do I want them to be able to route through to the Internet.
Basically the ONLY traffic in the tunnel should be the client-to-client traffic.

What else should I do in the conf file?

--
Bo Berglund
Developer in Sweden
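
Added example, not part of the original message and not OpenVPN project code: a small Python audit of the routing-relevant directives in a server config like the one quoted above. It reports client-to-client (which, per the quoted reply, is forwarded inside OpenVPN without passing tun0 firewall rules) and any pushed route or redirect-gateway that would bring traffic other than the VPN subnet into the tunnel. The function names and the sample text are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample: the routing-relevant lines of the config quoted above.
SAMPLE_CONF = '''\
topology subnet
server 10.8.113.0 255.255.255.0 'nopool'
push "route 10.8.113.1 255.255.255.255"
push "route 10.8.113.0 255.255.255.0"
client-to-client #Allow VPN clients to talk to each other
'''

def parse(conf):
    """Yield each directive as a token list; comments=True drops # comments."""
    for line in conf.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens:
            yield tokens

def audit(conf):
    """Return findings about what traffic the server invites into the tunnel."""
    findings, vpn_net, pushes = [], None, []
    for tok in parse(conf):
        if tok[0] == "server" and len(tok) >= 3:
            vpn_net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}")
        elif tok[0] == "push" and len(tok) == 2:
            pushes.append(tok[1].split())
        elif tok[0] == "client-to-client":
            findings.append("client-to-client: forwarded inside OpenVPN, "
                            "tun firewall rules do not see this traffic")
    for p in pushes:
        if p[0] == "redirect-gateway":
            findings.append("pushes redirect-gateway: all client traffic enters the tunnel")
        elif p[0] == "route" and len(p) >= 2:
            # A pushed route without a netmask is a host route (/32).
            mask = p[2] if len(p) > 2 else "255.255.255.255"
            net = ipaddress.ip_network(f"{p[1]}/{mask}", strict=False)
            if vpn_net is None or not net.subnet_of(vpn_net):
                findings.append(f"pushed route {net} is outside the VPN subnet")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

On the constructed sample the only finding is the client-to-client one, since both pushed routes lie inside 10.8.113.0/24.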