From: Jochen B. <Joc...@bi...> - 2023-07-31 13:03:13
On 31.07.23 13:42, Jason Long wrote:
> And added the following lines to the client.ovpn file:
>
> route 172.20.1.0 255.255.255.0
> push "dhcp-option dns 172.20.1.2"
> push "dhcp-option dns 172.20.1.7"
> dhcp-option DOMAIN MY_DOMAIN

(I would *hope* that clients *cannot* "push" any settings to a central
server's OpenVPN ...)

> My problem is that I did it by enabling the IP Forwarding. I wanted
> to do it without it. I guess that I must enable the IP Forwarding
> because of my OpenVPN server NICs. It has two NICs (NAT and Local)
> and because of it I must enable IP Forwarding.
> What is your opinion?

Traffic from and to the VPN clients flows between your server's enps0s3
and tun... interfaces, so I'm pretty sure that iptables+kernel *do*
consider them "forwarded" and enabling forwarding is *required* for
things to work.

Even if you could somehow trick the server OS into thinking differently
about it, it's clearly "forwarded" traffic from a network design
perspective and I don't see the advantage of treating it as anything
else.

Kind regards,
--
Jochen Bern
Systemingenieur

Binect GmbH