"Client-to-client" for dedicated clients only…

netphreak

I have successfully set up 2 OpenVPN servers on a pfsense 1.2.3-RELEASE. 16 clients are connecting, and communication works well both ways.

Now, 1 of the clients should be granted access to communicate directly with other clients… I have tried to limit access with firewall rules and the option "Client-to-client VPN" option enabled, but it seems like the "Client-to-client VPN" option overrule the firewall rules? My firewall only works for limiting VPN clients access to physical interfaces, not VPN IP pools.

Any clever ways to achieve this goal?

netphreak

Am I really so bad at explaining my issue that no one understand what I'm talking about, or does nobody have the need to grant only a few users access to other clients?

All clients to all clients = OK.
No clients to no clients = OK.
Some clients to some clients = my problem.

Somebody must have been in my boat before?

jimp

Make a separate OpenVPN server instance for the higher tier user, and allow access via firewall rules.

http://doc.pfsense.org/index.php/OpenVPN_Traffic_Filtering_on_1.2.3

netphreak

Yeah? Very sparse on details, I'll have to start guessing my way. At least, by your reply I know it's probably possible. Thank you.