Line 59: |
Line 59: |
| | | |
| Remote host/IP address - Public IP of the OpenVPN server's router | | Remote host/IP address - Public IP of the OpenVPN server's router |
− | | + | . |
| Remote network IP address - 10.0.0.0 | | Remote network IP address - 10.0.0.0 |
| | | |
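Review bot: the only change in this hunk is an added line holding a lone "." between "Remote host/IP address" and "Remote network IP address", which reads as a stray character or leftover spacer rather than content. Drop it, or if a gap is wanted for layout, use the wiki's own line-break markup so the rendered page does not show a dot.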
Line 72: |
Line 72: |
| 5) Repeat this step for as many clients as You need. For this example, we will have 3 clients | | 5) Repeat this step for as many clients as You need. For this example, we will have 3 clients |
| | | |
− | <h1>Controlling access with traffic rules</h1> | + | <h1>Client to Client LAN network communication</h1> |
| + | |
| + | This step should be done on OpenVPN server and all clients that want their LAN subnets be accessible and to access other client's LAN subnets |
| + | |
| + | 1) Navigate to Network -> Firewall -> General settings -> Zones and set OpenVPN zone to forward traffic to LAN |
| + | |
| + | |
| + | This step should be done on all <b>clients</b> that want their LAN subnets be accessible and to access other client's LAN subnets |
| + | |
| + | 1) Create a route to other client LAN networks using WebUI or CLI. To create route from client 1's LAN to client 2's LAN using CLI use this command |
| + | |
| + | ip route add 192.168.20.0/24 via 10.0.0.6 |
| + | |
| + | <h1>Controlling access with firewall</h1> |
| + | |
| + | 1) Navigate to Network -> Firewall -> Access Control |
| + | |
| + | 2) Create a new deny rule. In this example, we are denying Client 3 from accessing any other clients and their LAN networks |
| + | |
| + | Source interface - OpenVPN |
| + | |
| + | Destination interface - OpenVPN |
| + | |
| + | Source IP - OpenVPN remote IP and LAN subnet of client 3 |
| + | |
| + | Destination IP - other client OpenVPN remote endpoints and LAN subnets |
| | | |
− | 1)
| + | This rule will deny all traffic from Client 3 to other clients, but will not interact with traffic, if it's destination is OpenVPN server or it's LAN subnet |
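Review bot: the new "Controlling access with firewall" section never says which device the deny rule is created on, while the section above it is explicit ("on OpenVPN server and all clients"). State where it goes. Because step 1 of "Client to Client LAN network communication" turns on OpenVPN-to-LAN forwarding on every participating device, it is also worth saying that every client other than Client 3 keeps full access to the other LANs, and whether traffic from other clients towards Client 3 is meant to stay allowed. In the route example, "ip route add 192.168.20.0/24 via 10.0.0.6" does not say that 192.168.20.0/24 is client 2's LAN or what 10.0.0.6 is, and a route added this way from the CLI does not survive a reboot, so point readers to the WebUI static route for a persistent setup. Smaller points: both steps in the first new section are numbered "1)", "it's destination" and "it's LAN subnet" should be "its", and "want their LAN subnets be accessible" is missing "to".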