VPN LAN client to client communication with CVE-2019-14899?

Rocketboy235
Posted: Sat Jul 04, 2020 21:33    Post subject: VPN LAN client to client communication with CVE-2019-14899?
Hello,

So I looked into CVE-2019-14899 and just realized how it impacts the ability to have a VPN client interact with a client on the network.

They added a button to disable that mitigation patch, but I also saw some iptables commands that could be used. I was going through the OpenVPN server guide (by egc) on page 7 and saw that one of the following iptables commands could be used.

source: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795

One is
iptables -t nat -I POSTROUTING -o br0 -s $(nvram get openvpn_net)/$(nvram get openvpn_tunmask) -j MASQUERADE

while the other is
iptables -t raw -I PREROUTING -i br0 -d $(nvram get openvpn_net)/$(nvram get openvpn_tunmask) -j ACCEPT

I am currently trying to understand if the first iptables command is no different than simply disabling the mitigation checkbox method in the Web GUI?

And my other question is what would be the difference between the two iptables commands?

For the second one, I'm not sure if I applied it correctly, but I tried applying it via the web administration console after the VPN was already started and it appears nothing is happening. It seems like this second iptables command might be better (in terms of security?) but I'm not too sure.