Hi Everyone,
After some weeks of testing, this config has proved to be working great.
Now I would like to restrict some clients from accessing certain services
on the VPN.
So I am trying it with iptables but even if I add a really simple rule just
to drop everything coming from one client, it is not dropping.
So adding this:
iptables -A FORWARD -s 10.8.1.0 -j DROP
It does not have any effect. I can ping and reach everything from 10.8.1.0
on the VPN network.
[root@red fw]# iptables -L -v -n
Chain INPUT (policy ACCEPT 11 packets, 801 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       10.8.1.0             0.0.0.0/0

Chain OUTPUT (policy ACCEPT 6 packets, 745 bytes)
 pkts bytes target     prot opt in     out     source               destination
Do you have any idea how I can make it work? I even tried to add it to
INPUT and OUTPUT.
Thank you,
2016-03-07 0:22 GMT+00:00 Zoltán Szabó <[email protected]>:
> Hi Selva,
>
> Many thanks. I restarted my machine, and removed ipp and also had to add
> these lines to the dhcp client's config to make it work:
> route-delay 5
> route-method exe
> ip-win32 netsh
>
> Now I can reach the static ip client from the dhcp client. I will run some
> tests and hopefully it will work with all clients.
>
> Thank you
>
> 2016-03-06 21:51 GMT+00:00 Selva Nair <[email protected]>:
>
>>
>> On Sun, Mar 6, 2016 at 4:18 PM, Zoltán Szabó <[email protected]> wrote:
>>
>>> Ok it is better now after some changes, IP addresses are assigned
>>> correctly from the two ranges, but none of the clients can reach each other,
>>> even ping is not working.
>>>
>>
>>
>> Your configs look ok, but the routing table on the dhcp client is wrong.
>> You probably have a stale connection running on it already with net30
>> topology. Or at least routes left over from an old connection. There could
>> be stale entries in ipp.txt as well. Clean them up, make sure no openvpn is
>> running and preferably reboot or do a suspend-resume on the client to get
>> the tap driver to a clean state.
>>
>> Anyway the connection on the dhcp client failed so no point in trying to
>> check connectivity between clients.
>>
>> I strongly urge you to first get two clients on dhcp (do not use any ipp
>> file until everything is working). Then check the connectivity between
>> those two dhcp clients. As I hinted in my earlier response, getting
>> client-to-client to work between the static IP client and others may be
>> trickier.
>>
>> Selva
>>
>
>
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users