OpenVPN (Tomato): Only allow some IPs/LAN-Clients

Discussion in 'Tomato Firmware' started by hacker3000, Jul 4, 2014.

    hacker3000 (Serious Server Member)

    Hi guys!

    I've set up an OpenVPN connection (TAP) between 2 Tomato routers. Both have the subnet 192.168.1.0/24. I know it's not recommended, but I can't change them now. Anyway the connection is working.

    On one side (OpenVPN-Client) I have PC1 with IP 192.168.1.56, on the other side (OpenVPN-Server) I have PC2 with IP 192.168.1.3. I just want to allow the connection between those 2 PCs; they shouldn't have access to the other LAN clients.

    On the Tomato with the OpenVPN-Server I set Firewall to custom. Ping between PC1 and PC2 doesn't work anymore, OK.

    As soon as I put this:
    iptables -I INPUT -p udp --destination-port 1194 -j ACCEPT
    Ping starts working again, OK.

    Then I put this:
    iptables -I INPUT -i tap21 -d 0.0.0.0/0 -j DROP
    iptables -I FORWARD -i tap21 -d 0.0.0.0/0 -j DROP
    Ping still works. Why??? Shouldn't it now block the connection?

    So that I can put this:
    iptables -I INPUT -i tap21 -d 192.168.1.3 -j ACCEPT
    iptables -I FORWARD -i tap21 -d 192.168.1.3 -j ACCEPT
    and only have access to PC2?

    Hope someone can help me out...

    Thanks!
     
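The following is an added example, not code from the thread, from Tomato or from OpenVPN. It assumes what the post implies but does not state: that the server's tap interface is "tap21" and is bridged into br0 (Tomato's usual setup for a TAP server), and that the router's kernel provides br_netfilter and the xt_physdev match. On a bridged TAP, frames from the remote LAN are switched at layer 2; when they reach iptables at all, the in-interface is br0, which is why "-i tap21" matches nothing. "-m physdev --physdev-in" matches on the bridge port instead. The script prints the rule set by default so it can be reviewed off the router; "--apply" runs it.

```shell
#!/bin/sh
# Added example (not from the thread): firewall rules for the OpenVPN *server*
# router so that only PC1 (behind the client) and PC2 (behind the server) may
# talk across a bridged TAP tunnel.  Interface name, bridge membership and the
# presence of br_netfilter/xt_physdev on the router are assumptions.

TAP=${TAP:-tap21}
REMOTE_PC=${REMOTE_PC:-192.168.1.56}   # PC1, behind the OpenVPN client
LOCAL_PC=${LOCAL_PC:-192.168.1.3}      # PC2, behind the OpenVPN server
CHAIN=${CHAIN:-vpn_tap}

# Emit the rules rather than applying them.  They go into a dedicated chain
# with -A, so they are evaluated top to bottom in the order written.  (With -I
# on FORWARD, as in the question, each new rule lands *above* the previous
# one, so a later "-I ... -j ACCEPT" would silently shadow an earlier DROP.)
gen_rules() {
    cat <<EOF
# hand bridged IPv4 frames to iptables; without this they bypass it entirely
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
# the tunnel itself: OpenVPN listens on the router
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -N $CHAIN
iptables -F $CHAIN
# only the two PCs, in either direction; anything else crossing the tap is dropped
iptables -A $CHAIN -s $REMOTE_PC -d $LOCAL_PC -j ACCEPT
iptables -A $CHAIN -s $LOCAL_PC -d $REMOTE_PC -j ACCEPT
iptables -A $CHAIN -j DROP
# match the bridge port, not -i: bridged frames arrive with in-interface br0
iptables -I FORWARD -m physdev --physdev-in $TAP -j $CHAIN
iptables -I FORWARD -m physdev --physdev-out $TAP -j $CHAIN
# frames from the tunnel addressed to the router itself (br0's own IP)
iptables -I INPUT -m physdev --physdev-in $TAP -j $CHAIN
EOF
}

# Sanity check on the generated set: the per-host ACCEPTs must come before the DROP.
rules_ordered() {
    gen_rules | awk -v a="-d $LOCAL_PC -j ACCEPT" '
        index($0, a) { accept = NR }
        /-j DROP/    { drop = NR }
        END { exit !(accept && drop && accept < drop) }'
}

case "${1:-}" in
    --apply) gen_rules | sh ;;   # run on the router, as root, e.g. from the Firewall script
    *)       gen_rules ;;
esac
```

Two caveats a practitioner would check before relying on this. First, iptables only sees IP: ARP and any IPv6 still cross the bridge untouched (ARP has to, or the two PCs cannot resolve each other; IPv6 would need ip6tables or ebtables rules of its own). Second, because both LANs use 192.168.1.0/24, the IP pair in the chain is the only thing separating the two PCs from every other host on either side; the DROP at the end is also what keeps the remote LAN's DHCP broadcasts from reaching this bridge.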