Hi,

On Fri, Nov 19, 2021 at 02:53:17PM +0000, lejeczek via Openvpn-users wrote:
> client-to-client works. I did disable it as per your
> suggestion to "unset" and am trying to work it out through
> rules which would allow.
> But similarly enabled 'client-to-client' also seems to
> escape my rules to drop.
> What I am hoping for is some docs on the 'magic' bits
> 'client-to-client' do in nftables, if any.

client-to-client does packet forwarding inside openvpn, no nftables
involved (and nftables has no chance to filter).

without client-to-client, packets go to the linux tun interface, and are
*returned* (incoming = tun, outgoing = tun) and openvpn forwards it then
to the other client. In that case, nftables can affect them.

gert
-- 
"If was one thing all people took for granted, was conviction that if you
 feed honest figures into a computer, honest figures come out. Never doubted
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
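Added example, not part of the original message and not OpenVPN's own configuration: an nftables ruleset that filters the hairpinned (incoming = tun, outgoing = tun) traffic described in the reply. It assumes the server runs without client-to-client, that the tun device is named tun0, and that the client address and port shown are constructed placeholders.

```nftables
#!/usr/sbin/nft -f
# Assumptions (not from the thread): device name tun0, constructed client
# address 10.8.0.10, and the server config does NOT contain "client-to-client".
# The kernel must also route these packets (net.ipv4.ip_forward=1), otherwise
# nothing is forwarded between clients at all.

table inet vpn_filter {
    # Clients that other VPN clients are allowed to reach (constructed value).
    set c2c_allowed_dst {
        type ipv4_addr
        elements = { 10.8.0.10 }
    }

    chain forward {
        type filter hook forward priority 0; policy accept;

        # Client-to-client traffic enters and leaves on the same tun device,
        # so match on both directions and hand it to a dedicated chain.
        iifname "tun0" oifname "tun0" jump vpn_c2c
    }

    chain vpn_c2c {
        # Replies to connections that were already permitted.
        ct state established,related accept

        # Example allow rule: SSH to the listed client only.
        ip daddr @c2c_allowed_dst tcp dport 22 accept

        # Everything else between clients is counted and dropped.
        counter drop
    }
}
```

Load it with `nft -f <file>` and watch the counter with `nft list table inet vpn_filter`. If clients can still reach each other while the counter stays at zero, the packets are being forwarded inside openvpn, meaning client-to-client is still enabled on the server.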