Answer the question
In order to leave comments, you need to log in
How to differentiate access between VPN users?
Hello. There is an OpenVPN server on the Internet on CentOS. Tap mode (ethernet bridge). IP addresses for all clients are specified manually.
Service servers are given addresses from subnet 0 (10.30.0.0)
When connecting to the server, our office is given addresses from subnet 1 (10.30.1.0).
Our clients are given subnet addresses 2,3,4 (10.30.2.0, 10.30.3.0, 10.30.4.0), etc.
The mask that is set for everyone is 255.255.0.0.
Satisfied with everything, except for one moment. Everyone sees each other.
Requiring our clients not to have access to each other, but to have access to our service servers.
Well, our office should naturally have access to all points, as well as service servers. They also need to see everyone.
The first thing that comes to mind is how to sort out the iptables rules on the OpenVPN server based on the subnet.
Or maybe there are some solutions for this. In which direction to at least dig, please direct.
Answer the question
In order to leave comments, you need to log in
Use subnet /30 for the client tunnel network. Manage access to resources by routing and iptables
upd: and yes, change the mode of operation to TUN. So you have a large stretched L2 segment and everyone sees everyone at this level.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question