Hi Seather,

Fwbuilder is your friend (www.fwbuilder.org). Handling iptables on the CLI is not my favourite, so fwbuilder is the GUI alternative, and it is quite good, easy to install and easy to use. If you would like to learn iptables, just look at the script fwbuilder generates.

/Domingo

On Wed, January 11, 2006 02:33, Seather wrote:
>
> Leonard Isham wrote:
>
>> On 1/10/06, Seather <seather@xxxxxxxxxxxxx> wrote:
>>
>>> Hi there everyone,
>>>
>>> I have followed the OpenVPN 2.0 HOWTO on the website and set up a
>>> routed VPN. The purpose of this VPN is to put all of the servers I
>>> administrate on it (some can only be accessed through VPN since they
>>> are on the insides of networks where admins refuse to forward ports).
>>> For the occasional login, pings for status checkups with Nagios, et
>>> cetera.
>>>
>>> I have enabled the "client-to-client" option in the server's
>>> configuration file, so all clients can access all clients. However,
>>> this is not how I want it. This is an example of the setup (star
>>> topology):
>>>
>>>            Desktop   Laptop
>>>
>>>                VPN Server
>>>
>>>        Box1    Box2    Box3    Box4
>>>
>>> I'd like Desktop, Laptop and VPN Server to have access to any of the
>>> VPN clients and the VPN server. I'd like Box1 .. Box4 to be able to
>>> talk to the VPN Server and vice versa, but not have access to any
>>> other client in the VPN. In other words, Box1 must not be able to
>>> connect to Box2 and so forth.
>>>
>>> A better way of explaining might be this:
>>>
>>> For Box1 to Box4, I'd like the VPN to behave as if "client-to-client"
>>> is not enabled. For Desktop and Laptop, I'd like the VPN to behave as
>>> if "client-to-client" is enabled.
>>>
>>> Unfortunately I have no idea how to accomplish this at all. Should
>>> it be a firewall, routing or configuration issue? I'd prefer to have
>>> this access idea controlled from the server.
>>>
>>> Can anyone please point me in the right direction?
>>>
>>
>> Disable client-to-client; it is all or nothing.
>>
>> Use both:
>>   client-config-dir dir : Directory for custom client config files.
>>   ccd-exclusive         : Refuse connection unless custom client config is found.
>>
>> Assign IP addresses in the configuration files and use iptables to
>> restrict access. If your server happens to be Windows, I'd recommend
>> Linux.
>>
>
> Thanks a lot. I have all the clients' IP addresses configured now (this
> is a Linux server), but still don't know how to do the iptables for this.
> Could you perhaps advise on that? I do have some iptables experience.
>

--
This mail was scanned by AntiVir MailGate. This product is licensed for non-commercial use. See http://www.antivir.de/ for details.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users