
Re: [Openvpn-users] Filter on tap device

  • Subject: Re: [Openvpn-users] Filter on tap device
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Fri, 21 Dec 2007 14:26:28 +0100

 From reading the openvpn source code (file multi.c) I'd say that 
client-to-client is treated nearly the same for TAP or TUN connections 
(bridged tap connections are different). Of course, the easiest thing to 
do is to connect 2 clients *without* client-to-client and then try to 
ping each other.



Marco Fretz wrote:
> hi
> but this is only in TUN mode, isn't it? I can't find anything like 
> client-to-client in TAP mode. but for my needs I have to use TAP 
> instead of TUN
> thx
> marco
> Jan Just Keijser wrote:
>> hi Marco,
>> as long as you don't have the server directive
>>  client-to-client
>> in your server config file then clients should not be allowed to 
>> connect to each other.
>> HTH,
>> JJK
>> Marco wrote:
>>> hello
>>> I've got an openvpn server running with TAP. I want to block traffic 
>>> from client A to client B. client A and client B are both connected 
>>> over the same openvpn server process (same server tap device)
>>> is this possible? can I block such traffic with iptables on the tap0 
>>> interface on the openvpn server?
>>> I think that won't be possible because TAP is like Layer2 and the 
>>> packets may be forwarded inside the openvpn process and not over the 
>>> tap0 device
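
An added example, not part of the thread or of OpenVPN itself: a shell check for the `client-to-client` directive discussed above. It relies on the OpenVPN manual's description that with the directive the server relays client traffic internally, and without it client traffic is pushed to the tun/tap interface; the sample config and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether an OpenVPN server config enables
# client-to-client, i.e. whether inter-client traffic is relayed inside
# the openvpn process instead of reaching the tun/tap device.

# Constructed sample config (illustrative values, not from the thread).
sample_config() {
cat <<'EOF'
port 1194
dev tap0
server 10.8.0.0 255.255.255.0
;client-to-client
  client-to-client   # enabled here
keepalive 10 120
EOF
}

# Active directives only: strip leading blanks, "#"/";" comment lines,
# trailing comments and empty lines.
active_directives() {
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' \
        -e 's/[[:space:]]*[#;].*$//' -e '/^$/d' "$1"
}

# Echo "internal" if client-to-client is active, "kernel" otherwise.
c2c_path() {
    active_directives "$1" | grep -Eq '^client-to-client([[:space:]]|$)' \
        && echo internal || echo kernel
}

# Echo tap/tun from "dev-type" or the "dev" name prefix, else "unknown".
dev_type() {
    active_directives "$1" | awk '
        $1 == "dev-type" { t = $2 }
        $1 == "dev" { if ($2 ~ /^tap/) d = "tap"; else if ($2 ~ /^tun/) d = "tun" }
        END { if (t != "") print t; else if (d != "") print d; else print "unknown" }'
}

# Print a verdict; return 1 when host firewall rules cannot see the traffic.
audit() {
    if [ "$(c2c_path "$1")" = internal ]; then
        echo "$1: dev=$(dev_type "$1") client-to-client set: relayed inside openvpn"
        return 1
    fi
    echo "$1: dev=$(dev_type "$1") client-to-client not set: traffic goes to the interface"
}

tmp=$(mktemp) && sample_config > "$tmp"   # demo on the constructed sample
audit "$tmp" || true
rm -f "$tmp"
```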
