Re: [Openvpn-users] OPenVPN 2.5 - How to allow client access to the web but not to the local LAN?

2023-10-20 Thread tincantech via Openvpn-users
Hi, --- Original Message --- On Friday, October 20th, 2023 at 23:39, Bo Berglund wrote: > On Fri, 20 Oct 2023 22:12:18 +0200, Antonio Quartulli a...@unstable.cc wrote: > > > Hi, > > > > On 20/10/2023 21:35, Bo Berglund wrote: > >

Re: [Openvpn-users] OPenVPN 2.5 - How to allow client access to the web but not to the local LAN?

2023-10-20 Thread tincantech via Openvpn-users
Hi, --- Original Message --- On Friday, October 20th, 2023 at 21:17, Bo Berglund wrote: > On Fri, 20 Oct 2023 15:35:30 -0400, Bo Berglund bo.bergl...@gmail.com wrote: > > > On Thu, 19 Oct 2023 18:11:48 -0400, Bo Berglund

Re: [Openvpn-users] OPenVPN 2.5 - How to allow client access to the web but not to the local LAN?

2023-10-20 Thread Bo Berglund
On Fri, 20 Oct 2023 22:12:18 +0200, Antonio Quartulli wrote: >Hi, > >On 20/10/2023 21:35, Bo Berglund wrote: >> What have I missed? > >Breaking your setup in mysterious ways is not going to help :-) > >As Gert pointed out, what you want to achieve requires configuring the >firewall to prevent

Re: [Openvpn-users] OPenVPN 2.5 - How to allow client access to the web but not to the local LAN?

2023-10-20 Thread Bo Berglund
On Fri, 20 Oct 2023 15:35:30 -0400, Bo Berglund wrote: >On Thu, 19 Oct 2023 18:11:48 -0400, Bo Berglund wrote: > >>I.e. is it enough to remove the route into the local LAN for this to be >>blocked >>and only allowing web access forwarding? > >So today I tried this: > > >topology subnet >server

Re: [Openvpn-users] OPenVPN 2.5 - How to allow client access to the web but not to the local LAN?

2023-10-20 Thread Antonio Quartulli
Hi, On 20/10/2023 21:35, Bo Berglund wrote: What have I missed? Breaking your setup in mysterious ways is not going to help :-) As Gert pointed out, what you want to achieve requires configuring the firewall to prevent access to the LAN subnet. Cheers, -- Antonio Quartulli

Re: [Openvpn-users] OPenVPN 2.5 - How to allow client access to the web but not to the local LAN?

2023-10-20 Thread Bo Berglund
On Thu, 19 Oct 2023 18:11:48 -0400, Bo Berglund wrote: >I.e. is it enough to remove the route into the local LAN for this to be blocked >and only allowing web access forwarding? So today I tried this: topology subnet server 10.13.149.0 255.255.255.0 'nopool' multihome #Operate on both eth0

Re: [Openvpn-users] OPenVPN 2.5 - How to allow client access to the web but not to the local LAN?

2023-10-20 Thread Jochen Bern
On 20.10.23 05:31, Bo Berglund wrote: Does this mean that when the client tries to access the server side gateway device (router) he will not be blocked but all other addresses will? The gateway is on the LAN and it gets traffic from the tunnel, but does it mean that its address is also open

Re: [Openvpn-users] OPenVPN 2.5 - How to allow client access to the web but not to the local LAN?

2023-10-20 Thread Gert Doering
Hi, On Thu, Oct 19, 2023 at 06:11:48PM -0400, Bo Berglund wrote: > What is the simplest way to accomplish this? You need to involve local firewalling to do this. > What do I need to do to get the web only config? > > push "redirect-gateway def1 bypass-dhcp" #This makes the client access >