On Thu, 19 Oct 2023 22:52:12 +0000, tincantech via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote:
>I think I have misunderstood above.
>
>You want to take away client access to the server LAN.

Yes, I want these clients to only use the VPN server as a way to reach the Internet from another location than their own. But not allowing them to reach into the VPN server's local LAN.

I will set up another server instance using a different tunnel IP range and then create some IPTABLES rule to drop any such clients if they send packets to a host on the same LAN as the server is running on.

I have done that previously using ccd commands to assign a user a specific IP address and then block that address in IPTABLES from reaching the LAN (except the gateway of course).
But it was a bit of a hassle so I hoped I could make a web-only server that would only transfer packets to the web and not to the LAN.

>That must be done with the server firewall.
>eg: block VPN IPs from sending to the server LAN.

That's IPTABLES, right?

-- 
Bo Berglund
Developer in Sweden
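One way to express the firewall approach discussed in this message, as an added example that is not part of the original post: a script that prints the iptables rules for a dedicated "web-only" tunnel range and checks which destinations the LAN block would catch. The tunnel range, LAN range, interface name and the function names are assumptions; the script only prints rules and applies nothing.

```shell
#!/bin/sh
# Added example; every address and name below is a constructed placeholder.
TUN_NET="10.9.0.0/24"      # tunnel range of the web-only instance (assumed)
LAN_NET="192.168.1.0/24"   # LAN the VPN server is attached to (assumed)
LAN_IF="eth0"              # server interface facing that LAN (assumed)

# Print the rules for review instead of applying them.
web_only_rules() {
    tun=$1 lan=$2 ifc=$3
    # 1. Tunnel clients may not address any host on the server LAN.
    #    Must come before the ACCEPT rules, since the first match wins.
    echo "iptables -A FORWARD -s $tun -d $lan -j DROP"
    # 2. Replies to connections the clients opened towards the Internet.
    echo "iptables -A FORWARD -d $tun -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 3. Remaining tunnel traffic may leave (needed when FORWARD policy is DROP).
    #    Internet-bound packets keep their Internet destination address while
    #    being routed via the LAN gateway, so rule 1 does not match them.
    echo "iptables -A FORWARD -s $tun -o $ifc -j ACCEPT"
    # 4. Source NAT so replies find their way back to the VPN server.
    echo "iptables -t nat -A POSTROUTING -s $tun -o $ifc -j MASQUERADE"
    # Not covered: packets to the VPN server's own addresses use INPUT, not FORWARD.
}

# Dotted quad -> integer, for the CIDR check below.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_net ADDR CIDR: exit status 0 when ADDR lies inside CIDR.
in_net() {
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

# verdict DEST: fate of a packet from a tunnel client to DEST under rules 1 and 3.
verdict() {
    if in_net "$1" "$LAN_NET"; then echo DROP; else echo ACCEPT; fi
}

web_only_rules "$TUN_NET" "$LAN_NET" "$LAN_IF"
for dst in 192.168.1.20 192.168.2.5 203.0.113.10; do   # constructed samples
    echo "# $dst -> $(verdict "$dst")"
done
```

Because the whole tunnel range of the separate instance is matched, no per-client ccd address assignment is needed for the block to apply.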