firewalling / netfilter / iptables / tcpdump on the vpn

Guus Sliepen guus at tinc-vpn.org
Mon May 8 16:42:31 CEST 2006


On Mon, May 08, 2006 at 09:11:34AM -0400, xavier wrote:

> I tried tinc, I'm very happy with it;
> however, I have difficulties firewalling on the vpn itself;
> here is my situation and what I'm experiencing:
> 
> hosta ----|
>          vpn server
> hostb ----|
[...]
> I can't see the traffic between host a and b,
> even if technically it's going through the vpn server (I can see the
> encrypted traffic on eth0 of the vpn server)
> 
> It's a problem when you want to restrict access from the vpn server, between 2 vpn hosts.
> 
> Any solution?

You can try to add the following two lines to route_ipv4_unicast() in
src/route.c right above the line "via = ...":

	send_packet(myself, packet);
	return;

You can also do the same in route_ipv6_unicast() if you also use IPv6 on
the VPN.

If this works without problems for you, I can make an option that
enables that behaviour.

-- 
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus at sliepen.eu.org>
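
Added example, not part of the original message and not tinc's own code: a sketch of the filtering the question asks for, assuming the change above makes tincd write relayed packets to the VPN server's own VPN interface so that the kernel forwards them. The interface name `vpn0` and the addresses used for hosta and hostb are constructed assumptions.

```shell
#!/bin/sh
# Builds an iptables-restore ruleset for VPN-to-VPN traffic on the VPN server.
# Assumptions (constructed for this example, not from the thread):
#   - the tinc interface is called vpn0; hosta = 10.0.0.1, hostb = 10.0.0.2
#   - relayed packets reach the kernel, and net.ipv4.ip_forward=1 so the
#     kernel forwards them back out of the same interface
#
# usage: vpn_forward_rules IFACE "SRC,DST,PROTO,DPORT" ...
vpn_forward_rules() {
    iface=$1; shift
    rules=
    for spec in "$@"; do
        # Split one allow entry into its four comma-separated fields.
        IFS=, read -r src dst proto dport <<EOF
$spec
EOF
        # Validate before emitting anything, so a bad entry yields no ruleset.
        case $proto in
            tcp|udp) ;;
            *) echo "unsupported protocol in: $spec" >&2; return 1 ;;
        esac
        if [ -z "$src" ] || [ -z "$dst" ] || [ -z "$dport" ]; then
            echo "incomplete entry: $spec" >&2; return 1
        fi
        rules="$rules-A VPN-FWD -s $src -d $dst -p $proto --dport $dport -m conntrack --ctstate NEW -j ACCEPT
"
    done
    # Host-to-host VPN traffic is what enters AND leaves on the tinc device.
    # Replies to accepted flows pass; everything else is logged and dropped.
    cat <<EOF
*filter
:VPN-FWD - [0:0]
-A FORWARD -i $iface -o $iface -j VPN-FWD
-A VPN-FWD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
${rules}-A VPN-FWD -j LOG --log-prefix "vpn-fwd-drop: "
-A VPN-FWD -j DROP
COMMIT
EOF
}

# Sample run: hosta may open SSH to hostb; nothing else crosses the VPN.
vpn_forward_rules vpn0 "10.0.0.1,10.0.0.2,tcp,22"
```

The script only prints the ruleset; after review it can be loaded with `iptables-restore --noflush` so existing rules in the filter table are kept. With the packets visible to the kernel, `tcpdump -i vpn0` on the VPN server shows the same traffic unencrypted.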