What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Site-to-site OVPN - block specific IP range on server side from reaching client side?

M

maxbraketorque

Very Senior Member
I have been using firewall-start to block a specific IP range on the server side of my site-to-site OVPN connections from reaching the client side. Is there a way to implement this directly in OVPN, either on the server side or client side configurations?
 
ColinTaylor said:
Can you post your current firewall-start rules so we can fully understand what you're asking for?
Click to expand...

This relates to the question I asked a few days about about using firewall-start on stock firmware. Asusmerlin no longer supports the AC68U, but Asus keeps cranking up updated stock firmwares for the AC68U. The only feature that I really use for Asusmerlin on my AC68U is firewall-start to block a specific range of IP addresses on the OVPN server side from reaching the client side. The firewall-start rule on the server side is:

iptables -I FORWARD -s 192.168.37.128/26 -d 192.168.38.0/24 -j DROP

37 is the server side (the AC68U), and 38 is the client side (another Asus router at a remote location). Can I accomplish the same thing using an OVPN configuration command?
 
Hmm, tricky with stock firmware.

I assume you've disable NAT on the VPN link? What does the routing table look like on the server side (System Log - Routing Table)?
 
Before we continue with trying to configure OVPN to accomplish this, can I accomplish the same thing by using firewall-start IP tables on the client side which is a GT-AX6000 running Asusmerlin?
 
You must log in or register to reply here.

Similar threads

I
Challenge with tunneling internet for WG site to site from the server side
Replies
8
Views
1K
ivannn
I
Chuckles67
OVPN Server TCP connection established from same IP address
Replies
1
Views
400
ColinTaylor
C
E
Accessing remote lan over site to site from a Openvpn client
Replies
4
Views
867
elorimer
E
R
Site-to-Site wireguard VPN Server side cannot access to devices in client side
Replies
3
Views
1K
Jeffrey Young
J
M
OVPN HMAC authentication switching from SHA1 to SHA256
Replies
9
Views
1K
maxbraketorque
M
Similar threads
Thread starter Title Forum Replies Date
M All of a sudden some sites and some images on that site does not load images. Frontier Fiber with Merlin latest firmware AC-68U Asuswrt-Merlin 5
T Merlin firmware gui demo site? Asuswrt-Merlin 4
E Accessing remote lan over site to site from a Openvpn client Asuswrt-Merlin 4
B Please Help - OpenVPN Site-to-Site and Remote Access Setup – One Client, Two Servers (Asus RT-AC68U, Merlin 386.14_2) Asuswrt-Merlin 0
I Challenge with tunneling internet for WG site to site from the server side Asuswrt-Merlin 8
B RT-BE86U OpenVPN - cannot download ovpn file Asuswrt-Merlin 1
P ExpressVPN - Construct .ovpn config file for Dedicated IP Address Asuswrt-Merlin 13
Zakalwe Disallow OVPN clients on asuswrt-merlin from accessing ANY LAN devices, but allow WAN? Asuswrt-Merlin 3
Chuckles67 OVPN Server TCP connection established from same IP address Asuswrt-Merlin 1
M ovpn-client5[3561]: Connection reset, restarting [0] Asuswrt-Merlin 0

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 1,693 (members: 25, guests: 1,668)
Back
Top