On Tue, Jun 13, 2017 at 06:26:45PM -0400, Pippin1st wrote: > > in your diagram, on the sending side, packets cross the > > routing/iptables block twice before getting to OpenVPN: > > 1) once while going from the app to the tun0 interface > > 2) once while going from tun0 to OpenVPN > > > What you are saying above is correct and it is about point 1). > > My argument was about point 2): once packets have entered tun0, > > they directly go to the OpenVPN process (which is attached to tun0), > > without being processed by routing/iptables again. > > Aah ok, so rules are applied from OpenVPN > to > tun. > So, in the example of the owner module and my previous link > to backreference OpenVPN itself is also Apps, > there i was confused. > > Thanks for clearing that up. > Please see attached image, i think it`s correct *enough* now.
Same I said would apply to packets coming in: when going from OpenVPN to tun0 they would not be subject to routing/iptables. Basically the idea is that OpenVPN and the tun0 interface are directly attached, so I/O between the two is direct. Cheers, -- Antonio Quartulli ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
