Hi, this might help:
https://community.openvpn.net/openvpn/wiki/HowPacketsFlow
https://community.openvpn.net/openvpn/wiki/AvoidRoutingConflicts

Pippin

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday, 19 November 2021 at 15:53, lejeczek via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote:

> On 19/11/2021 13:57, Gert Doering wrote:
>
> > Hi,
> >
> > On Fri, Nov 19, 2021 at 01:52:20PM +0000, lejeczek via Openvpn-users wrote:
> >
> > > > unset client-to-client in the openvpn config, make sure "a given client"
> > > > has a known IP address (ifconfig-push in ccd/), then do the filtering
> > > > by iptables on the linux side.
> > >
> > > How can it be determined what ovpn does exactly to/with
> > > nftables?
> >
> > That is easy: nothing. If you want something done in iptables/nftables,
> > you need to set it up whatever you want it.
> >
> > > On most recent CentOS Stream 8 where firewalld is the tool
> > > to manage it, with 'direct' rules I fail to make it work - I
> > > keep making them looser increasingly but with NO
> > > 'client-to-client' I'm unable to have clients talk one to
> > > another.
> >
> > Try disabling all firewalling first. If client-to-client then still does
> > not work, the problem is somewhere else (like, ip_forwarding not enabled).
> >
> > If it works without firewalling, try with permissive rules that only log
> > stuff first, so you can see "this rule would have matched".
> >
> > gert
>
> client-to-client works. I did disable it as per your
> suggestion to "unset" and am trying to work it out through
> rules which would allow.
> But similarly enabled 'client-to-client' also seems to
> escape my rules to drop.
> What I am hoping for is some docs on the 'magic' bits
> 'client-to-client' do in nftables, if any.
>
> thanks, L.
>
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
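
The setup suggested in the quoted thread, written out as an nftables ruleset (an added example, not part of the original messages). The interface `tun0`, the subnet 10.8.0.0/24, the client names and addresses, and the table name `vpn_filter` are assumptions; `ifconfig-push` with a netmask assumes `topology subnet`.

```nftables
#!/usr/sbin/nft -f
# Added example. tun0, 10.8.0.x, alice/bob and vpn_filter are assumed names.
#
# Prerequisites from the thread (OpenVPN and kernel side):
#   server.conf : client-config-dir ccd, and NO "client-to-client" line
#   ccd/alice   : ifconfig-push 10.8.0.10 255.255.255.0
#   ccd/bob     : ifconfig-push 10.8.0.20 255.255.255.0
#   kernel      : sysctl net.ipv4.ip_forward=1
#
# Without client-to-client, a packet from one client to another leaves
# OpenVPN on tun0 and is routed back into tun0 by the kernel, so it
# crosses the forward hook. With client-to-client set, OpenVPN forwards it
# internally and no netfilter rule ever sees it.

# Create-then-delete makes reloading this file idempotent.
table inet vpn_filter
delete table inet vpn_filter

table inet vpn_filter {
    chain forward {
        type filter hook forward priority 0; policy accept;

        # Only tun0 -> tun0 traffic (client to client) is handled here.
        iifname != "tun0" accept
        oifname != "tun0" accept

        # Replies to connections that were allowed below.
        ct state established,related accept

        # alice may open connections to bob; nothing else is listed.
        ip saddr 10.8.0.10 ip daddr 10.8.0.20 accept

        # Permissive phase: log and count what would be dropped.
        log prefix "vpn-c2c would-drop: " counter

        # Enforcing phase: uncomment once the log shows only unwanted flows.
        # drop
    }
}
# An accept in this table does not override a drop in another table's
# forward chain (for example one managed by firewalld).
```

Load it with `nft -f` and watch the kernel log for the `vpn-c2c would-drop:` prefix before enabling the `drop` line.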