"Client-to-client" for dedicated clients only…



  • I have successfully set up 2 OpenVPN servers on a pfsense 1.2.3-RELEASE. 16 clients are connecting, and communication works well both ways.

    Now, 1 of the clients should be granted access to communicate directly with other clients… I have tried to limit access with firewall rules and the "Client-to-client VPN" option enabled, but it seems like the "Client-to-client VPN" option overrules the firewall rules? My firewall only works for limiting VPN clients' access to physical interfaces, not VPN IP pools.

    Any clever ways to achieve this goal?



  • Am I really so bad at explaining my issue that no one understands what I'm talking about, or does nobody have the need to grant only a few users access to other clients?

    All clients to all clients = OK.
    No clients to no clients = OK.
    Some clients to some clients = my problem.

    Somebody must have been in my boat before?


  • Rebel Alliance Developer Netgate

    Make a separate OpenVPN server instance for the higher tier user, and allow access via firewall rules.

    http://doc.pfsense.org/index.php/OpenVPN_Traffic_Filtering_on_1.2.3



  • Yeah? Very sparse on details, I'll have to start guessing my way. At least, by your reply I know it's probably possible. Thank you.

