Hi,

On Wed, Jun 14, 2017 at 12:52:05PM +0200, David Sommerseth wrote:
> > for client-to-server traffic this looks correct ; client-to-client
> > traffic is another matter.
>
> Yes, good point. But that traffic never hits the tun/tap interface
> (unless the destination IP is a broadcast address; and IIRC, OpenVPN
> treats multicast as unicast traffic).

And unless "--client-to-client" is not set (which it isn't by default!).

Then the openvpn server will forward all client-to-client traffic towards
the tun/tap interface, only to have the other side send it back *after
firewall inspection*.

gert
-- 
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
g...@greenie.muc.de
fax: +49-89-35655025
g...@net.informatik.tu-muenchen.de
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users