Netgate Discussion Forum

    Filtering traffic between two client subnets on same tap VPN server

    Firewalling
    FuriousGeorge

      It appears that if I enable the client-to-client setting for my VPN server, and then the two clients add gateways pointing to each other's tap iface IP, and then add routes to each other's subnet via those gateways, AND then finally set up their rules correctly…

      Then there is nothing I can do on the server side to stop traffic from flowing between them.

      My supposition is that this is a result of it being Layer 2 traffic.

      Is there anything I can do about that?

      Also, what are some of the implications of this I may not be realizing? I'm not sure, for instance, how I was not getting DHCP server conflicts between the client sites I had set up previously. In any case I am now blocking 67-68 TCP on the ovpn interface.

      In some cases I do want to allow client subnets to reach each other, but that doesn't mean I want all traffic to pass or none.

      Other than using tun, is there a different setup that might allow me more control from the server side?

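As an added illustration, not part of the original post: with `client-to-client` left out of the server config, OpenVPN hands every client frame to the server's tap interface instead of forwarding it internally, so frames addressed to another client's MAC are dropped by the host and the two client subnets can only reach each other by routing via the server's tap address, where pf sees and filters the traffic. The interface name `ovpns1` and the subnets 192.168.10.0/24 and 192.168.20.0/24 are placeholders, not values from the post.

```conf
# --- OpenVPN server fragment (tap mode) ---
dev tap
mode server
# Server's own tap address; clients route the peer subnet via this address.
ifconfig 10.8.0.1 255.255.255.0
ifconfig-pool 10.8.0.100 10.8.0.200 255.255.255.0
# Deliberately NO "client-to-client": inter-client traffic must traverse
# the host's tap interface and therefore the packet filter.
# client-to-client

# --- pf rules on the server's tap interface (pfSense renders similar rules) ---
# Stop a remote site's DHCP server from answering the other site's clients.
block in quick on ovpns1 proto udp from any port { 67, 68 } to any port { 67, 68 }
# Allow only what is wanted between the two client subnets (HTTPS here).
pass in quick on ovpns1 proto tcp from 192.168.10.0/24 to 192.168.20.0/24 port 443 flags S/SA keep state
pass in quick on ovpns1 proto tcp from 192.168.20.0/24 to 192.168.10.0/24 port 443 flags S/SA keep state
# Everything else between the two client subnets is dropped.
block in quick on ovpns1 from 192.168.10.0/24 to 192.168.20.0/24
block in quick on ovpns1 from 192.168.20.0/24 to 192.168.10.0/24
```

DHCP runs over UDP ports 67 and 68, so the block rule above matches UDP; a TCP-only rule on those ports does not catch DHCP offers crossing the tap segment.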
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.