
OpenVPN (Tomato): Only allow some IPs/LAN-Clients

Discussion in 'Tomato Firmware' started by hacker3000, Jul 4, 2014.

hacker3000 (Serious Server Member)

    Hi guys!

    I've set up an OpenVPN connection (TAP) between 2 Tomato routers. Both have the subnet 192.168.1.0/24. I know it's not recommended, but I can't change them now. Anyway the connection is working.

    On one side (OpenVPN-Client) I have PC1 with IP 192.168.1.56, on the other side (OpenVPN-Server) I have PC2 with IP 192.168.1.3. I just want to allow the connection between those 2 PCs; they shouldn't have access to the other LAN-Clients.

    On the Tomato with OpenVPN-Server I set Firewall to custom. Ping between PC1 and PC2 doesn't work anymore, OK.

    As soon as I put this:
    iptables -I INPUT -p udp --destination-port 1194 -j ACCEPT
    Ping starts working again, OK.

    Then I put this:
    iptables -I INPUT -i tap21 -d 0.0.0.0/0 -j DROP
    iptables -I FORWARD -i tap21 -d 0.0.0.0/0 -j DROP
    Ping still works. Why??? Shouldn't it now block the connection?

    So that I can put this:
    iptables -I INPUT -i tap21 -d 192.168.1.3 -j ACCEPT
    iptables -I FORWARD -i tap21 -d 192.168.1.3 -j ACCEPT
    and only have access to PC2?

    Hope someone can help me out...

    Thanks!
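The rule set below is an added example for the situation the post describes; it is not code from the thread or from Tomato itself. It assumes what is typical for a Tomato TAP tunnel (but is not stated in the post): tap21 is a port of the LAN bridge br0, so frames from the tunnel are switched at layer 2 rather than routed. A frame that is only bridged never matches "-i tap21" in INPUT or FORWARD, which is consistent with the DROP rules above having no effect. Bridged frames reach iptables only when bridge-nf-call-iptables is 1, and the tunnel port is then identified with the physdev match (-m physdev --physdev-in / --physdev-out), which assumes the kernel ships xt_physdev. The interface and bridge names, the PC2 address and the VPN_LIMIT chain name are the example's own parameters.

```shell
#!/bin/sh
# Added example (not from the thread): allow only one LAN host (PC2) to be
# reached through a bridged OpenVPN TAP interface, in both directions.
#
# Assumptions, not stated in the post: tap21 is bridged into br0 (Tomato's
# LAN bridge), the kernel provides the physdev match, and
# /proc/sys/net/bridge/bridge-nf-call-iptables exists. Frames that are
# bridged only traverse iptables when that sysctl is 1, and "-i tap21"
# never matches them because the bridge port, not tap21, is the interface
# iptables sees; --physdev-in/--physdev-out name the bridge port instead.

TAP_IF="${TAP_IF:-tap21}"        # tunnel interface from the post
PC2="${PC2:-192.168.1.3}"        # the only LAN host reachable via the tunnel
CHAIN="${CHAIN:-VPN_LIMIT}"      # private chain so Tomato's rules stay intact
DRY_RUN="${DRY_RUN:-1}"          # 1 = print the commands only, 0 = apply them

# Print one iptables command per line. Ordering with -A inside the private
# chain keeps the logic readable; the -I rules at the end hook it into
# FORWARD (bridged and routed traffic) and INPUT (traffic to the router).
#   in from tunnel  -> must be addressed to PC2, else DROP
#   out to tunnel   -> must come from PC2, else DROP
#   in from tunnel to the router itself -> DROP (OpenVPN itself arrives on WAN)
gen_rules() {
    cat <<EOF
iptables -N $CHAIN
iptables -A $CHAIN -m physdev --physdev-in $TAP_IF -d $PC2 -j RETURN
iptables -A $CHAIN -m physdev --physdev-out $TAP_IF -s $PC2 -j RETURN
iptables -A $CHAIN -j DROP
iptables -I FORWARD -m physdev --physdev-in $TAP_IF -j $CHAIN
iptables -I FORWARD -m physdev --physdev-out $TAP_IF -j $CHAIN
iptables -I INPUT -m physdev --physdev-in $TAP_IF -j DROP
EOF
}

# Number of rules that depend on the physdev match; handy for a sanity check
# before applying on a router whose kernel may lack xt_physdev.
count_physdev_rules() {
    gen_rules | grep -c physdev
}

apply_rules() {
    if [ "$DRY_RUN" = 1 ]; then
        gen_rules
        return 0
    fi
    # Hand bridged frames to iptables; without this the rules never fire.
    # Caveat: ordinary LAN-to-LAN frames then also pass FORWARD, so the
    # chain must keep accepting br0-to-br0 traffic.
    echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
    gen_rules | while IFS= read -r cmd; do
        $cmd
    done
}

apply_rules
```

Run with DRY_RUN=1 (the default) to review the generated commands, then with DRY_RUN=0 on the router to apply them; with the sysctl at 0 the same rules are installed but never match, which is a quick way to confirm the bridging explanation.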