4. Filtering traffic between two client subnets on same tap VPN server

Filtering traffic between two client subnets on same tap VPN server

  • F

    It appears that if I enable the client-to-client setting for my VPN server, and then the two clients add gateways pointing to each other's tap iface IP, and then add routes to each other's subnet via those gateways, AND then finally set up their rules correctly…

    Then there is nothing I can do on the server side to stop traffic from flowing between them.

    My supposition is that this is a result of it being Layer 2 traffic.

    Is there anything I can do about that?

    Also, what are some of the implications of this I may not be realizing?    I'm not sure, for instance, how I was not getting DHCP server conflicts between the client sites I had set up previously.  In any case I am now blocking 67-68 TCP on the ovpn interface.

    In some cases I do want to allow client subnets to reach each other., but that doesn't mean I want all traffic to pass or none.

    Other than using tun, is there a different setup that might allow me more control from the server side.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy