-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi,
------- Original Message ------- On Thursday, October 19th, 2023 at 23:39, tincantech via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote: > Hi, > > ------- Original Message ------- > On Thursday, October 19th, 2023 at 23:11, Bo Berglund bo.bergl...@gmail.com > wrote: > > > > > > Now I would like to add one more type, web-only: > > 4 - Clent can only access the web through the server side gateway but not > > the > > local LAN > > > > What is the simplest way to accomplish this? > > > <snip> > > > I.e. is it enough to remove the route into the local LAN for this to be > > blocked > > and only allowing web access forwarding? > > > This sounds like you want the --redirect-gateway flag 'block-local'. eg: > `redirect-gateway def1 block-local` > > Does that work for you ? I think I have misunderstood above. You want to take away client access to the server LAN. That must be done with the server firewall. eg: block VPN IPs from sending to the server LAN. HTH -----BEGIN PGP SIGNATURE----- Version: ProtonMail wsBzBAEBCAAnBYJlMbMJCZBPl5z2a5C4nRYhBAm8PURno41yecVVVU+XnPZr kLidAACJzwf/V1Ymk7S/a85/gkN80me2ltL5jkK+OEje3pphSFxu/0wQCrgs laU7JObgm3boZ/NvrLUQCsYCZDGK3bswaAUM1sapAhdmxj9FKf3Ii/teMj6G /Zj1M5ny4rsJjaEZ6xd7E4eo+Dhis/ll28jdbgxCejuKbSsIcPPxwS3iBWYe m8ABEjUXOW7eMP0pqPJKQVYbFsrpQ/MBv45kUQIjX9uPtl+VacXaJVWmXw2A 8hsUKoO+jtwCpAraPP30K2nMR0r8KWzVFIL89zdc0GGcUq99gppDQQWa4ioy BJwcJCoHsEbhRpeefemsD0kFK8s4cZkSGKJZCNgun34bntuandy9rQ== =LoEv -----END PGP SIGNATURE-----
publickey - tincantech@protonmail.com - 0x09BC3D44.asc
Description: application/pgp-keys
publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
