Hi,

On Thu, Oct 19, 2023 at 06:11:48PM -0400, Bo Berglund wrote:
> What is the simplest way to accomplish this?

You need to involve local firewalling to do this.

> What do I need to do to get the web only config?
> 
> push "redirect-gateway def1 bypass-dhcp"  #This makes the client access Internet
> push "dhcp-option DNS 208.67.222.222"
> push "dhcp-option DNS 8.8.8.8"
> 
> I.e. is it enough to remove the route into the local LAN for this to be blocked
> and only allowing web access forwarding?

The problem is "redirect-gateway" automatically includes "the LAN on the
server side" - so the client will send packets your way, and OpenVPN
does not know you do not want this to happen.

So, iptables on the tun interface.

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
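
Added example, not part of the message above and not OpenVPN project code: one way to write the "iptables on the tun interface" filtering so that tunnel clients keep Internet access through `redirect-gateway` but cannot reach the server-side LAN. The interface names and the LAN prefix are assumed placeholders, and it assumes forwarding and NAT for the clients' Internet traffic already work.

```shell
#!/bin/sh
# Assumed placeholders, not values from the thread:
TUN_IF="${TUN_IF:-tun0}"               # OpenVPN tun device on the server
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # server-side LAN to keep clients out of
OUT_IF="${OUT_IF:-eth0}"               # interface leading to the Internet

# Emit FORWARD-chain rules in evaluation order (first match wins).
vpn_internet_only_rules() {
    tun="$1"; lan="$2"; out="$3"
    # Return traffic for connections the VPN client opened.
    echo "-A FORWARD -o $tun -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Must precede the ACCEPT below: the LAN is often reached through the
    # same interface as the Internet, so match on destination prefix.
    echo "-A FORWARD -i $tun -d $lan -j REJECT"
    # Everything else from the tunnel may leave towards the Internet.
    echo "-A FORWARD -i $tun -o $out -j ACCEPT"
    # Tunnel traffic towards any other interface is dropped.
    echo "-A FORWARD -i $tun -j DROP"
}

if [ "${APPLY:-0}" = 1 ]; then
    # Needs root; each emitted line becomes one iptables invocation.
    vpn_internet_only_rules "$TUN_IF" "$LAN_NET" "$OUT_IF" |
    while read -r rule; do
        # shellcheck disable=SC2086  # word splitting of $rule is intended
        iptables $rule
    done
else
    # Default: print the rules for review instead of changing the firewall.
    vpn_internet_only_rules "$TUN_IF" "$LAN_NET" "$OUT_IF"
fi
```

These rules cover forwarded traffic only; packets addressed to the VPN server's own addresses traverse the INPUT chain and need their own `-i tun0` rules there.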