On 20/11/2021 18:18, lejeczek via Openvpn-users wrote:
> On 19/11/2021 19:13, Gert Doering wrote:
>> Hi,
>>
>> On Fri, Nov 19, 2021 at 02:53:17PM +0000, lejeczek via Openvpn-users wrote:
>>> client-to-client works. I did disable it as per your
>>> suggestion to "unset" and am trying to work it out through
>>> rules which would allow.
>>> But similarly enabled 'client-to-client' also seems to
>>> escape my rules to drop.
>>> What I am hoping for is some docs on the 'magic' bits
>>> 'client-to-client' does in nftables, if any.
>>
>> client-to-client does packet forwarding inside openvpn,
>> no nftables involved (and nftables has no chance to filter).
>>
>> without client-to-client, packets go to the linux tun interface, and
>> are *returned* (incoming = tun, outgoing = tun) and openvpn forwards
>> it then to the other client. In that case, nftables can affect them.
>>
>> gert
>
> A feeling that there is something not working there
> between the two, grows.
> firewalld does not log any dropped packets which makes me
> think that with latest CentOS Stream 8 Ovpn does not do
> that part, for whatever reason.
> Stopping firewalld, which clears nftables pretty well, I
> think all is 'accept' then, also makes no difference.
>
> thanks, L.

I'd never suspect a "big" update of OS to change some bit
such as kernel sysctl.
all good now.

thanks, L.
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
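
The filtering path Gert describes, as an added example that is not part of the original thread: an nftables table that filters tun-to-tun forwarding when `client-to-client` is absent from the server config, so the kernel sees each inter-client packet. The interface name `tun0`, the table name `vpn_c2c` and all addresses are assumptions constructed for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the thread.
# Assumptions: the OpenVPN server config has NO "client-to-client" line,
# the server's tun device is tun0, and clients live in 10.8.0.0/24.

# Idempotent reload: make sure the table exists, then drop and rebuild it.
table inet vpn_c2c
delete table inet vpn_c2c

table inet vpn_c2c {
    # Constructed allow-list of (source client . destination client).
    set allowed_pairs {
        type ipv4_addr . ipv4_addr
        elements = { 10.8.0.10 . 10.8.0.20 }
    }

    chain forward {
        # "accept" here only ends this chain; other forward-hook chains
        # (for example firewalld's) still evaluate the packet.
        type filter hook forward priority 0; policy accept;

        # Only inter-client traffic is in scope: in on tun0 AND out on tun0.
        iifname != "tun0" accept
        oifname != "tun0" accept

        # Replies belonging to flows that were allowed below.
        ct state established,related accept

        # New flows are allowed only for listed client pairs.
        ip saddr . ip daddr @allowed_pairs accept

        # Everything else between clients (IPv6 included) is logged and
        # dropped; the counter shows whether packets reach this path.
        log prefix "vpn-c2c-drop: " counter drop
    }
}
```

If the counter on the final rule never moves, the packets are not reaching the kernel forward path: either `client-to-client` is still enabled, or kernel forwarding is off (for IPv4, `net.ipv4.ip_forward` must be 1 for tun-to-tun traffic to pass at all). The thread does not say which sysctl the OS update changed.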