Re: [Openvpn-users] OPenVPN 2.5 - How to allow client access to the web but not to the local LAN?

Fri, 20 Oct 2023 16:35:23 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256




Hi,

------- Original Message -------
On Friday, October 20th, 2023 at 23:39, Bo Berglund <bo.bergl...@gmail.com> 
wrote:


> On Fri, 20 Oct 2023 22:12:18 +0200, Antonio Quartulli a...@unstable.cc wrote:
> 
> > Hi,
> > 
> > On 20/10/2023 21:35, Bo Berglund wrote:
> > 
> > > What have I missed?
> > 
> > Breaking your setup in mysterious ways is not going to help :-)
> > 
> > As Gert pointed out, what you want to achieve requires configuring the
> > firewall to prevent access to the LAN subnet.

I also pointed that out ;-)


> 
> So you mean using the same service conf file as for the web + LAN operation, 
> but
> with a different tunnel subnet and different port?
> 
> That would allow LAN access.

This makes no sense.

FWIW, openvpn does not control your firewall or network or do magic.
It is a secure tunnel between peers. All the rest is clever tricks.


>
> Then using IPTABLES blocking sucg LAN access for that tunnel range.
> 
> I will make some new tests later and see if that is working.
> 
> I am worried that if the destination happens to be the gateway to the 
> internet,
> like it would when browsing via the tunnel, will it be allowed???

This is a case of not understanding how IP works.

For example; if you want to browse the Openvpn Forum, you will send packets to
3.72.228.171, not your local router address.

The same is true for tunneling your internet browsing.

HTH

-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wsBzBAEBCAAnBYJlMw32CZBPl5z2a5C4nRYhBAm8PURno41yecVVVU+XnPZr
kLidAADwggf/YKg/0puK6EcrhAdXpiskP3e1jGq48aFaGTWIBvLnc6zv9x0J
5mMH0hrZg1Enpf1f6G8deEhHW2rEjefFarvUeChLf1OsD/n1VWwdqLJo9HMD
aCrVdyBf6qdHXVb7tORkNUefdp6/Ar01VUdkpEBwgUe/WIhdstUzD4J5xxMJ
CbbyYZ5FwFW3fN0Cq9nGA0EvbKQsSEaAmCSdYv+B/q7baBR8kJq9AcRmwNbT
R01WESj+tV869Onqsrfasvk4GX6+jBTvbuXFbtNQLrfx9c9Ia+82t4Vv6B/t
uxEmSifIceb1OEJ+ShBhtWGprBultOYQDzHHm3Qn7aVYj50eJ9B3sQ==
=7UJt
-----END PGP SIGNATURE-----

Attachment: publickey - tincantech@protonmail.com - 0x09BC3D44.asc
Description: application/pgp-keys

Attachment: publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig
Description: PGP signature

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users























					Reply via email to