On Thu, 19 Oct 2023 18:11:48 -0400, Bo Berglund <bo.bergl...@gmail.com> wrote:

>I.e. is it enough to remove the route into the local LAN for this to be blocked
>and only allowing web access forwarding?

So today I tried this:


topology subnet
server 10.13.149.0 255.255.255.0  'nopool'
multihome #Operate on both eth0 and wlan0
ifconfig-pool 10.13.149.2 10.13.149.127 255.255.255.0
ifconfig-pool-persist ipp_webonly.txt #Clients keep their IP via this
#push "route 10.0.1.0 255.255.255.0"  #Gives access to local LAN
push "redirect-gateway def1 bypass-dhcp" #client access Internet via vpn
push "dhcp-option DNS 208.67.222.222" #Public DNS server
push "dhcp-option DNS 208.67.220.220" #Public DNS server

This is the same as the server where I reach the web through vpn and also the
vpn server's LAN via the tunnel.

The only differences:
1) push "route... line **commented out**
2) ifconfig is set to a different subnet than the other service uses

The new service runs on a different port so I changed the port number in a copy
of the ovpn file for full web/LAN access to get the ovpn file for the web only
case.

But it did not work...
I could connect successfully but when I tried to reach an Internet resource
from my phone after connecting it timed out.

So now the client cannot reach the internet at all, which is strange given that
the route line I always thought would control the connection to the local LAN
rather than to the Internet...

What have I missed?

The log seems to show a successful connection but then it spits out this
afterwards:

BosseAtJenny/90.***:3626 PUSH: Received control message: 'PUSH_REQUEST'
BosseAtJenny/90.***:3626 MULTI: bad source address from client [100.85.129.161], packet dropped
BosseAtJenny/90.***:3626 MULTI: bad source address from client [100.85.129.161], packet dropped


This is strange to me but it does also appear when I connect successfully to the
web+LAN service, so it might be something always present whatever it is.


-- 
Bo Berglund
Developer in Sweden


