Hi,

On Fri, Nov 19, 2021 at 01:52:20PM +0000, lejeczek via Openvpn-users wrote:
> > unset client-to-client in the openvpn config, make sure "a given client"
> > has a known IP address (ifconfig-push in ccd/), then do the filtering
> > by iptables on the linux side.
>
> How can it be determined what ovpn does exactly to/with
> nftables?

That is easy: nothing. If you want something done in iptables/nftables, you need to set it up however you want it.

> On most recent CentOS Stream 8 where firewalld is the tool
> to manage it, with 'direct' rules I fail to make it work - I
> keep making them looser increasingly but with NO
> 'client-to-client' I'm unable to have clients talk one to
> another.

Try disabling all firewalling first. If client-to-client then still does not work, the problem is somewhere else (like, ip_forwarding not enabled).

If it works without firewalling, try with permissive rules that only log stuff first, so you can see "this rule would have matched".

gert
--
"If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
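
The two checks suggested in the reply above (is IP forwarding on, and log-only rules for client-to-client traffic), as an added example that is not part of the original message. The device name tun0 and the two client addresses are assumptions, constructed for illustration; the rules are printed for review and not applied.

```shell
#!/bin/sh
# Added example. Assumptions (not from the thread): tun0 is the OpenVPN
# device, and the client addresses below are constructed values of the kind
# pinned with ifconfig-push in ccd/.
VPN_DEV="${VPN_DEV:-tun0}"

# Succeeds when the kernel forwards IPv4. The optional file argument lets the
# check be pointed at a test file instead of /proc.
forwarding_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Print one log-only rule. LOG is a non-terminating target, so the packet
# continues through the remaining rules after being logged.
_log_rule() {
    printf 'iptables -I FORWARD -i %s -o %s -s %s -d %s -j LOG --log-prefix "ovpn-c2c: "\n' \
        "$VPN_DEV" "$VPN_DEV" "$1" "$2"
}

# Print log-only rules for both directions between two clients. With
# client-to-client unset, such packets enter on the tun device and are routed
# back out of it, so they cross the kernel's FORWARD chain.
log_only_rules() {
    _log_rule "$1" "$2"
    _log_rule "$2" "$1"
}

if forwarding_enabled; then
    echo "# ip_forward is enabled"
else
    echo "# ip_forward is NOT enabled: fix this before looking at the firewall"
fi
log_only_rules 10.8.0.10 10.8.0.20
```

After applying the printed rules as root, matching packets show up in the kernel log (`dmesg` or `journalctl -k`) with the `ovpn-c2c: ` prefix.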