Hi,
I have set up VPN rules for OpenVPN; the rules are working between VPN clients and the LAN.
However, all traffic is allowed between VPN clients (and I did not set up the routeback option in zones)!!

And finally, the link of mark zonzon regarding selective communication between OpenVPN clients is dead in the docs.

Best Regards
S.Ancelot

In the OpenVPN configuration you can set this up.

# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
;client-to-client

[ ]'s

On Wed, Aug 26, 2009 at 10:26, <sancelot@free.fr> wrote:
> Hi,
> I have set up VPN rules for OpenVPN; the rules are working between VPN
> clients and the LAN.
> However, all traffic is allowed between VPN clients (and I did not set up
> the routeback option in zones)!!
>
> And finally, the link of mark zonzon regarding selective communication
> between OpenVPN clients is dead in the docs.
> Best Regards
> S.Ancelot

--
Bruno Ayub.

Tom Eastep wrote:
> sancelot@free.fr wrote:
>> Hi,
>> I have set up VPN rules for OpenVPN; the rules are working between VPN clients and the LAN.
>> However, all traffic is allowed between VPN clients (and I did not set up the routeback option in zones)!!
>
> If you are using a routed OpenVPN configuration, don't specify
> 'client-to-client'; that will cause the OpenVPN server to route between
> the clients internally.
>
>> And finally, the link of mark zonzon regarding selective communication between OpenVPN clients is dead in the docs.
>
> I've removed the link.

I also changed the 'and' at the end of the first bullet to 'or' since either of those measures will allow client-to-client communications. 'client-to-client' is preferred because it is more efficient. Using 'routeback' allows you to control client to client traffic by setting the vpn->vpn policy to REJECT and adding the appropriate vpn->vpn ACCEPT rules.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

----- Original message -----
From: Tom Eastep <teastep@shorewall.net>
To: Shorewall Users <shorewall-users@lists.sourceforge.net>
Sent: Wed, 26 Aug 2009 16:18:59 +0200 (CEST)
Subject: Re: [Shorewall-users] howto block openvpn client to client access

> Tom Eastep wrote:
>> sancelot@free.fr wrote:
>>> Hi,
>>> I have set up VPN rules for OpenVPN; the rules are working between VPN clients and the LAN.
>>> However, all traffic is allowed between VPN clients (and I did not set up the routeback option in zones)!!
>>
>> If you are using a routed OpenVPN configuration, don't specify
>> 'client-to-client'; that will cause the OpenVPN server to route between
>> the clients internally.
>>
>>> And finally, the link of mark zonzon regarding selective communication between OpenVPN clients is dead in the docs.
>>
>> I've removed the link.
>
> I also changed the 'and' at the end of the first bullet to 'or' since either of those measures will allow client-to-client communications. 'client-to-client' is preferred because it is more efficient. Using 'routeback' allows you to control client to client traffic by setting the vpn->vpn policy to REJECT and adding the appropriate vpn->vpn ACCEPT rules.

OK, now everything is as expected: VPN clients are using the allowed firewall rules between each other. I only needed to add a "route push ..." directive in the OpenVPN server.

Thanks!
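
The routeback approach from Tom Eastep's reply, sketched as configuration fragments. This is an added example, not taken from the thread or from the Shorewall documentation. The 10.8.0.0/24 pool, the tun0 interface, the two client addresses, the SSH rule and the pushed route are all assumed values (the thread does not show the actual push directive), and the Shorewall files use the classic column layout that includes a BROADCAST column.

```conf
# ---- OpenVPN server.conf (routed / tun setup; values are assumptions) ----
dev tun
server 10.8.0.0 255.255.255.0

# Keep this directive disabled. When it is active the OpenVPN process
# forwards client-to-client packets itself, so they never cross the
# tun interface and no Shorewall policy or rule is applied to them.
;client-to-client

# With client-to-client off, clients need a route that sends traffic
# for the other clients to the server, where the firewall can filter it.
push "route 10.8.0.0 255.255.255.0"

# ---- /etc/shorewall/zones ----
#ZONE   TYPE
vpn     ipv4

# ---- /etc/shorewall/interfaces ----
# routeback lets traffic that arrives on tun0 leave again through tun0.
#ZONE   INTERFACE   BROADCAST   OPTIONS
vpn     tun0        -           routeback

# ---- /etc/shorewall/policy ----
# Explicit intra-zone policy: refuse client-to-client traffic by default.
#SOURCE DEST    POLICY  LOG LEVEL
vpn     vpn     REJECT  info

# ---- /etc/shorewall/rules ----
# Allow only the flows that are needed, here SSH from one client to another.
# Rules keyed on client addresses assume each client keeps a fixed address
# (for example via ifconfig-push in a client-config-dir file).
#ACTION SOURCE          DEST            PROTO   DEST PORT(S)
ACCEPT  vpn:10.8.0.6    vpn:10.8.0.10   tcp     22
```

After `shorewall check` and `shorewall restart`, a connection between two clients that matches no ACCEPT rule should be rejected and logged under the vpn->vpn policy.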