Hi,
On Fri, Oct 20, 2023 at 06:39:54PM -0400, Bo Berglund wrote:
> I am worried that if the destination happens to be the gateway to the
> internet,
> like it would when browsing via the tunnel, will it be allowed???
iptables looks at the actual destination IP in the packet.
So if your gateway
On Fri, 20 Oct 2023 18:39:54 -0400, Bo Berglund wrote:
>On Fri, 20 Oct 2023 22:12:18 +0200, Antonio Quartulli wrote:
>
>>Hi,
>>
>>On 20/10/2023 21:35, Bo Berglund wrote:
>>> What have I missed?
>>
>>Breaking your setup in mysterious ways is not going to help :-)
>>
>>As Gert pointed out, what
Hi,
--- Original Message ---
On Friday, October 20th, 2023 at 23:39, Bo Berglund
wrote:
> On Fri, 20 Oct 2023 22:12:18 +0200, Antonio Quartulli a...@unstable.cc wrote:
>
> > Hi,
> >
> > On 20/10/2023 21:35, Bo Berglund wrote:
> >
Hi,
--- Original Message ---
On Friday, October 20th, 2023 at 21:17, Bo Berglund
wrote:
> On Fri, 20 Oct 2023 15:35:30 -0400, Bo Berglund bo.bergl...@gmail.com wrote:
>
> > On Thu, 19 Oct 2023 18:11:48 -0400, Bo Berglund
On Fri, 20 Oct 2023 22:12:18 +0200, Antonio Quartulli wrote:
>Hi,
>
>On 20/10/2023 21:35, Bo Berglund wrote:
>> What have I missed?
>
>Breaking your setup in mysterious ways is not going to help :-)
>
>As Gert pointed out, what you want to achieve requires configuring the
>firewall to prevent
On Fri, 20 Oct 2023 15:35:30 -0400, Bo Berglund wrote:
>On Thu, 19 Oct 2023 18:11:48 -0400, Bo Berglund wrote:
>
>>I.e. is it enough to remove the route into the local LAN for this to be
>>blocked
>>and only allowing web access forwarding?
>
>So today I tried this:
>
>
>topology subnet
>server
Hi,
On 20/10/2023 21:35, Bo Berglund wrote:
What have I missed?
Breaking your setup in mysterious ways is not going to help :-)
As Gert pointed out, what you want to achieve requires configuring the
firewall to prevent access to the LAN subnet.
Cheers,
--
Antonio Quartulli
On Thu, 19 Oct 2023 18:11:48 -0400, Bo Berglund wrote:
>I.e. is it enough to remove the route into the local LAN for this to be blocked
>and only allowing web access forwarding?
So today I tried this:
topology subnet
server 10.13.149.0 255.255.255.0 'nopool'
multihome #Operate on both eth0
On 20.10.23 05:31, Bo Berglund wrote:
Does this mean that when the client tries to access the server side gateway
device (router) he will not be blocked but all other addresses will?
The gateway is on the LAN and it gets traffic from the tunnel, but does it mean
that its address is also open
Hi,
On Thu, Oct 19, 2023 at 06:11:48PM -0400, Bo Berglund wrote:
> What is the simplest way to accomplish this?
You need to involve local firewalling to do this.
> What do I need to do to get the web only config?
>
> push "redirect-gateway def1 bypass-dhcp" #This makes the client access
>
On Fri, 20 Oct 2023 01:22:17 +, tincantech via Openvpn-users
wrote:
>Hi,
>
>--- Original Message ---
>On Friday, October 20th, 2023 at 00:31, Bo Berglund
>wrote:
>
>
>
>> I have done that previously using ccd commands to assign a
Hi,
--- Original Message ---
On Friday, October 20th, 2023 at 00:31, Bo Berglund
wrote:
> I have done that previously using ccd commands to assign a user a specific IP
> address and then block that address in IPTABLES from reaching
Hi,
--- Original Message ---
On Friday, October 20th, 2023 at 00:31, Bo Berglund
wrote:
> On Thu, 19 Oct 2023 22:52:12 +, tincantech via Openvpn-users
> openvpn-users@lists.sourceforge.net wrote:
>
> > I think I have misunderstood
On Thu, 19 Oct 2023 22:52:12 +, tincantech via Openvpn-users
wrote:
>I think I have misunderstood above.
>
>You want to take away client access to the server LAN.
Yes, I want these clients to only use the VPN server as a way to reach the
Internet from another location than their own. But
On Thu, 19 Oct 2023 22:39:29 +, tincantech via Openvpn-users
wrote:
>Hi,
>
>--- Original Message ---
>On Thursday, October 19th, 2023 at 23:11, Bo Berglund
>wrote:
>
>
>
>> Now I would like to add one more type, web-only:
>> 4 -
Hi,
--- Original Message ---
On Thursday, October 19th, 2023 at 23:39, tincantech via Openvpn-users
wrote:
> Hi,
>
> --- Original Message ---
> On Thursday, October 19th, 2023 at 23:11, Bo Berglund bo.bergl...@gmail.com
>
Hi,
--- Original Message ---
On Thursday, October 19th, 2023 at 23:11, Bo Berglund
wrote:
> Now I would like to add one more type, web-only:
> 4 - Client can only access the web through the server side gateway but not the
> local LAN
>