On Fri, 20 Oct 2023 01:22:17 +0000, tincantech via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote:
>-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA256 > >Hi, > >------- Original Message ------- >On Friday, October 20th, 2023 at 00:31, Bo Berglund <bo.bergl...@gmail.com> >wrote: > ><snip> > >> I have done that previously using ccd commands to assign a user a specific IP >> address and then block that address in IPTABLEWS from reaching the LAN >> (except >> the gateway of course). > >You do not need to make an exception for the Server LAN gateway. >Your client gateway has been redirected to the Server IP, not the Server GW IP. > >In your case, the iptables rule to block the entire Server LAN is what you >need. >This still allows client<to>internet traffic to flow. > >enjoy! OK, thanks. Does this mean that when the client tries to access the server side gateway device (router) he will not be blocked but all other addresses will? The gateway is on the LAN and it gets traffic from the tunnel, but does it mean that its address is also open for direct access like for the config page of the router? Will test tomorrow. -- Bo Berglund Developer in Sweden _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
