When using a TUN (layer 3) OpenVPN server with client-to-client disabled, my clients can still talk to each other. The client-to-client config should prevent this according to the documentation:

Uncomment out the client-to-client directive if you would like connecting clients to be able to reach each other over the VPN. By default, clients will only be able to reach the server.

The --client-to-client flag tells OpenVPN to internally route client-to-client traffic rather than pushing all client-originating traffic to the TUN/TAP interface. When this option is used, each client will 'see' the other clients which are currently connected. Otherwise, each client will only see the server.

Why can the clients continue to communicate to each other when this option is disabled?

plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login

If client-to-client is enabled, the VPN server forwards client-to-client packets internally without sending them to the IP layer of the host (i.e. ...). The host networking stack does not see those packets at all.

If client-to-client is disabled, the packets from a client to another client go through the host IP layer (iptables, routing table, etc.) of the machine hosting the VPN server: if IP forwarding is enabled, the host might forward the packet (using its routing table) again to the TUN interface and the VPN daemon will forward the packet to the correct client inside the tunnel.

[Diagram: host IP layer: routing, firewall, NAT, etc. (iptables, nftables, conntrack, tc, etc.)]