
I'm trying to configure my OpenVPN server (Ubuntu 16.04) such that clients cannot communicate with any other device except for the OpenVPN server itself. I've tried removing client-to-client from my server config, but this does not stop pings from going through, presumably because the OS is routing packets from tun0 back through the interface. I've tried the solution proposed here, but it had no effect. I'm using ufw to configure my firewall, and tried adding this rule to iptables both directly and in /etc/ufw/before.rules, but nothing changes. I've also investigated using OpenVPN's internal packet filter, but documentation on this feature is sparse. The sample server config states that "to force clients to only see the server, you will also need to appropriately firewall the server's TUN/TAP interface," but it's not clear to me how this can be accomplished using ufw or iptables.
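An added example, not part of the original post: a simplified first-match walk over `iptables-save` output that reports which FORWARD rule decides a tun0-to-tun0 packet, so you can check whether a DROP rule is actually reached. The rule sets are constructed, and rules with matches other than `-i`/`-o` are skipped as a simplification.

```python
import shlex

# Constructed iptables-save excerpt (not from the post): DROP appended after a broader ACCEPT.
WEAK = """\
-A FORWARD -j ufw-before-forward
-A FORWARD -i tun0 -j ACCEPT
-A FORWARD -i tun0 -o tun0 -j DROP
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
"""
# Corrected variant: the same DROP moved into ufw's ufw-before-forward chain, which FORWARD visits first.
FIXED = WEAK.replace("-A FORWARD -i tun0 -o tun0", "-A ufw-before-forward -i tun0 -o tun0")

def parse(text):
    """Map chain name -> ordered list of (in_if, out_if, target, other_matches)."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        opts, other, i = {"-i": None, "-o": None, "-j": None}, False, 2
        while i < len(tok):
            if tok[i] in opts and i + 1 < len(tok):
                opts[tok[i]] = tok[i + 1]
                i += 2
            else:
                other, i = True, i + 1  # any other match option (-m, -p, !, ...)
        chains.setdefault(tok[1], []).append((opts["-i"], opts["-o"], opts["-j"], other))
    return chains

def if_match(pattern, name):
    """None matches any interface; a trailing '+' is iptables' wildcard."""
    if pattern and pattern.endswith("+"):
        return name.startswith(pattern[:-1])
    return pattern is None or pattern == name

def verdict(chains, in_if, out_if, chain="FORWARD", depth=0):
    """First-match walk; rules with matches other than -i/-o are skipped
    (simplification). Returns (target, location), or None if the policy decides."""
    for n, (i, o, target, other) in enumerate(chains.get(chain, []), 1):
        if other or not if_match(i, in_if) or not if_match(o, out_if):
            continue
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target, f"{chain} rule {n}"
        if target == "RETURN":
            return None
        if target in chains and depth < 16:  # jump into a user-defined chain
            hit = verdict(chains, in_if, out_if, target, depth + 1)
            if hit:
                return hit
    return None
```

On a real server, pass the output of `iptables-save` to `parse()`; a result of `None` means no interface-only rule matched and the chain policy applies.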

0 Answers