One question regarding TAP: I want to create a “virtual” LAN of OpenVPN users: They must be able to see each other but they don’t need access to the server’s LAN (except for a website on the VPN server itself). I want the packets to go through the server’s kernel to perform MAC-based custom filtering (I’ll save you the why because it’s fairly long) hence no –client-to-client.

Do I absolutely have to use bridging since I don’t need the VPN clients to access the server LAN (only the other VPN clients)?

Since I didn’t receive any reply on the OpenVPN ML, I thought I’d ask your help.

TIA,

Serge.

PS: BTW there’s a strange bug in this comment edit box (Browser=IE6): When you type, the box widens to just a little more than the browser’s width makes it difficult to re-read what you just type!