
I have 2 OpenVPN daemons running in a virtual machine with CentOS 7. The first daemon has worked fine for 6 months now, and it's used by administrators.

Now I need to start another one, and it's used only so the client machines can see each other. Well, the problem is the firewalld setting.

I don't understand how to set up the second tap/tun to block access from the OpenVPN clients to all other subnets.

I tried to put the interfaces in different zones with service rules, in the same zone with rich rules, in different zones with rich rules, but nothing.

Now I have reset the rules for only the first OpenVPN daemon. Can anyone help me find a way?

I'm sorry for my English... I know it's so bad...

Here is openvpn.conf:

    port 21196
    proto udp
    dev tun2
    ca ./sacred/ca.crt
    cert ./sacred/sacred.crt
    key ./sacred/sacred.key  # This file should be kept secret
    dh ./sacred/dh4096.pem
    server 10.40.0.0 255.255.255.248
    route 10.40.0.0 255.255.255.248
    push "route 10.40.0.0 255.255.255.248"
    client-config-dir sacred/ccd
    # a second, identical "route 10.40.0.0 255.255.255.248" line stood here; it is redundant
    client-to-client
    keepalive 10 120
    tls-auth ./sacred/ta.key 0 # This file is secret
    cipher AES-256-GCM
    auth SHA512
    tls-version-min 1.2
    tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
    user srvvpn
    group nobody
    reneg-sec 60
    persist-key
    persist-tun
    status openvpn-sacred.log
    verb 9
Komo
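One way to get the isolation the question asks for, as an added example that is not part of the original question or answer. Firewalld zones only govern packets addressed to the host itself; packets that the host forwards between interfaces go through the FORWARD chain, which on CentOS 7 firewalld is reached with `--direct` rules. The script below therefore puts tun2 in its own zone with target DROP (clients cannot reach services on the VPN host) and adds direct FORWARD rules so nothing entering on tun2 can leave on any other interface. Assumed, not stated on the page: the zone name `vpnusers`, the administrators' daemon using a different tun device, and the `FIREWALL_CMD` override, which lets the rule set be dry-run with `FIREWALL_CMD=echo` on a machine without firewalld.

```shell
#!/bin/sh
# Added example, not from the original post. Isolates the OpenVPN daemon on
# tun2 (server subnet 10.40.0.0/29 from the posted config) from every other
# subnet reachable through the host, leaving other interfaces untouched.
#
# Assumptions: the zone "vpnusers" does not exist yet; the admin daemon uses
# a different tun device. FIREWALL_CMD=echo turns the script into a dry run.

FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"
VPN_IF="${VPN_IF:-tun2}"
VPN_NET="${VPN_NET:-10.40.0.0/29}"
ZONE="${ZONE:-vpnusers}"

# Writes every rule to the permanent configuration, then reloads once so the
# runtime and permanent rule sets stay identical.
isolate_vpn_clients() {
    # 1. Dedicated zone with target DROP: traffic from tun2 addressed to the
    #    VPN host is dropped unless a rule in this zone allows it.
    $FIREWALL_CMD --permanent --new-zone="$ZONE"
    $FIREWALL_CMD --permanent --zone="$ZONE" --set-target=DROP
    $FIREWALL_CMD --permanent --zone="$ZONE" --add-interface="$VPN_IF"
    # Allow ICMP from the VPN subnet so clients can still ping the gateway
    # (a troubleshooting convenience; drop this line for a stricter policy).
    $FIREWALL_CMD --permanent --zone="$ZONE" --add-rich-rule="rule family=ipv4 source address=$VPN_NET protocol value=icmp accept"

    # 2. Forwarding. Direct rules are evaluated in FORWARD_direct before any
    #    zone logic. Traffic between VPN clients never reaches the kernel
    #    because the daemon has client-to-client set; the tun2->tun2 ACCEPT
    #    only matters if that option is removed later.
    $FIREWALL_CMD --permanent --direct --add-rule ipv4 filter FORWARD 0 -i "$VPN_IF" -o "$VPN_IF" -j ACCEPT
    # Anything else entering on tun2 must not be forwarded anywhere.
    $FIREWALL_CMD --permanent --direct --add-rule ipv4 filter FORWARD 1 -i "$VPN_IF" -j DROP
    # And nothing from other subnets may be forwarded into the VPN clients.
    $FIREWALL_CMD --permanent --direct --add-rule ipv4 filter FORWARD 1 -o "$VPN_IF" -j DROP

    $FIREWALL_CMD --reload
}

# Apply only when explicitly asked: `sh isolate_vpn.sh apply`
case "${1:-}" in
    apply) isolate_vpn_clients ;;
esac
```

After applying, `firewall-cmd --get-active-zones` should list tun2 under `vpnusers` and `iptables -S FORWARD_direct` should show the three direct rules; a VPN client should be able to ping 10.40.0.1 but get no reply from hosts on the other subnets, while the administrators' daemon keeps whatever zone it already had.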

1 Answer

The settings I searched for with FirewallD seem to be hard to find, so I found another way... I used another VM with similar settings and dedicated FirewallD settings for this "Employees" subnet.

If someone thinks they can help me, I would be pleased to give it another try.

Thanks

Komo