On Mon, Jul 31, 2023 at 4:35 PM, Jochen Bern <jochen.b...@binect.de> wrote:

On 31.07.23 13:42, Jason Long wrote:
> And added the following lines to the client.ovpn file:
>
> route 172.20.1.0 255.255.255.0
> push "dhcp-option dns 172.20.1.2"
> push "dhcp-option dns 172.20.1.7"
> dhcp-option DOMAIN MY_DOMAIN

(I would *hope* that clients *cannot* "push" any settings to a central
server's OpenVPN ...)

> My problem is that I did it by enabling the IP Forwarding. I wanted
> to do it without it. I guess that I must enable the IP Forwarding
> because of my OpenVPN server NICs. It has two NICs (NAT and Local)
> and because of it I must enable IP Forwarding.
> What is your opinion?

Traffic from and to the VPN clients flows between your server's enps0s3
and tun... interfaces, so I'm pretty sure that iptables+kernel *do*
consider them "forwarded" and enabling forwarding is *required* for
things to work.

Even if you could somehow trick the server OS into thinking differently
about it, it's clearly "forwarded" traffic from a network design
perspective and I don't see the advantage of treating it as anything else.

Kind regards,

Hello,
Thanks again.
I tried "dhcp-option dns 172.20.1.2", but it showed me an error message. My client is Windows OS.
So, the IP Forwarding must be enabled in my scenario?
Please take a look at: https://askubuntu.com/questions/776324/how-to-enable-openvpn-access-to-only-the-internal-lan
In what scenarios should IP Forwarding be disabled? What is the usage of the "client-to-client" and "iroute"?

--
Jochen Bern
Systemingenieur

Binect GmbH
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
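The forwarding requirement discussed above, paired with a FORWARD policy that limits VPN clients to the internal LAN, as an added example that is not part of the thread or written by its participants. The interface names tun0 and enp0s3 and the VPN subnet 10.8.0.0/24 are assumptions; 172.20.1.0/24 is the LAN from the quoted route line.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it applies nothing.
# Assumed (not from the thread): tun0, enp0s3, VPN subnet 10.8.0.0/24.
# 172.20.1.0/24 is the LAN the thread routes to VPN clients.

is_cidr() {
    # Syntactic check: digits, dots and slash only, IPv4/prefix shape.
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

is_ifname() {
    # Linux interface names are at most 15 characters.
    case $1 in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

forwarding_enabled() {
    # Kernel switch discussed in the thread; path overridable for testing.
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

forward_ruleset() {
    vpn_if=$1 lan_if=$2 vpn_net=$3 lan_net=$4
    is_ifname "$vpn_if" && is_ifname "$lan_if" ||
        { echo "bad interface name" >&2; return 1; }
    is_cidr "$vpn_net" && is_cidr "$lan_net" ||
        { echo "bad CIDR" >&2; return 1; }
    # Default-drop forwarding: allow replies, and new flows only from
    # VPN clients to the one internal LAN.
    cat <<EOF
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $vpn_if -o $lan_if -s $vpn_net -d $lan_net -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

forward_ruleset tun0 enp0s3 10.8.0.0/24 172.20.1.0/24
forwarding_enabled || echo "# net.ipv4.ip_forward is not 1 on this host"
```

Review the output before loading it: iptables-restore replaces the existing filter table rules unless it is run with --noflush.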