Line 1: |
Line 1: |
− |
| |
| <h1>Introduction</h1> | | <h1>Introduction</h1> |
| | | |
− | In this example, we will configure an OpenVPN server and will manage which resources can be accessed by separate clients | + | In this example, we will configure an OpenVPN server, will let Client1 and Client2 communicate, while isolating Client3 to only be able to communicate with OpenVPN server |
| | | |
| <h1>Generating certificates for an OpenVPN server</h1> | | <h1>Generating certificates for an OpenVPN server</h1> |
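Review bot: the rewritten introduction sentence states the isolation goal for Client3 but not which setting enforces it, so a reader cannot tell which of the later steps is the security-relevant one. Suggest naming the mechanism here (if it is the combination of "Client to client" staying disabled, the TLS client entries and the firewall zone forwarding, say so), and tightening the wording to something like "we will configure an OpenVPN server that lets Client1 and Client2 communicate, while Client3 can reach only the OpenVPN server".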
Line 17: |
Line 16: |
| | | |
| | | |
− | [[File:Certificate download.png|none|thumb|alt=|1000x1000px]] | + | [[File:Certificate download v2.png|none|thumb|alt=|1000x1000px]] |
| | | |
| For any OpenVPN clients, You will need to generate “Client” certificates, download certificate and key, and send them to the client | | For any OpenVPN clients, You will need to generate “Client” certificates, download certificate and key, and send them to the client |
Line 25: |
Line 24: |
| 1) Connect to WebUI and enable Advanced mode | | 1) Connect to WebUI and enable Advanced mode |
| | | |
− | [[File:Advanced mode toggle.png|none|thumb|alt=|1000x1000px]] | + | [[File:Advanced mode toggle v2.png|none|thumb|alt=|1000x1000px]] |
| | | |
| 2) Navigate to Services -> VPN -> OpenVPN | | 2) Navigate to Services -> VPN -> OpenVPN |
Line 34: |
Line 33: |
| | | |
| | | |
− | [[File:OpenVPN server settings.png|none|thumb|alt=|1000x1000px]] | + | [[File:OpenVPN server settings v2.png|none|thumb|alt=|1000x1000px]] |
| | | |
| Virtual network IP address – 10.0.0.0 | | Virtual network IP address – 10.0.0.0 |
| | | |
− | Virtual network netmask – 255.255.255.240 | + | Virtual network netmask – 255.255.255.224 |
| | | |
| Client to client – disabled | | Client to client – disabled |
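Review bot: the netmask on the changed line widens the virtual network from 255.255.255.240 (/28) to 255.255.255.224 (/27) with no explanation, and the unchanged "Client to client – disabled" line below it now reads oddly against an introduction that says Client1 and Client2 communicate. Suggest one sentence on why the larger range is needed (presumably to leave room for the per-client virtual endpoints configured under TLS clients) and one stating that client-to-client is left disabled on purpose, so that traffic between clients is routed through the server's routing table and firewall instead of being forwarded inside OpenVPN.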
Line 46: |
Line 45: |
| 5) Press "Save & Apply", enable OpenVPN server and check if the server is online | | 5) Press "Save & Apply", enable OpenVPN server and check if the server is online |
| | | |
− | [[File:OpenVPN server is online.png|none|thumb|alt=|1000x1000px]] | + | [[File:OpenVPN server is online v2.png|none|thumb|alt=|1000x1000px]] |
| | | |
| <h1>Connecting clients to the OpenVPN server</h1> | | <h1>Connecting clients to the OpenVPN server</h1> |
Line 73: |
Line 72: |
| | | |
| <h1>Client to Client LAN network communication</h1> | | <h1>Client to Client LAN network communication</h1> |
| + | 1) On the OpenVPN server router, navigate to Services -> VPN -> OpenVPN, Press "Edit" on the server, scroll down and add TLS clients |
| + | |
| + | Add clients which LAN address You want to have access to, in our case, we add all 3 clients |
| + | |
| + | |
| + | |
| + | |
| + | Common name - common name of the certificate which was generated previously |
| + | Virtual local endpoint - client’s local address in the virtual network. |
| + | Virtual remote endpoint - client’s remote address in the virtual network. |
| + | Private network - client's LAN subnet |
| + | Covered network - Which LAN subnet should clients be able to communicate with in the OpenVPN server |
| + | |
| | | |
| This step should be done on OpenVPN server and all clients that want their LAN subnets be accessible and to access other client's LAN subnets | | This step should be done on OpenVPN server and all clients that want their LAN subnets be accessible and to access other client's LAN subnets |
| | | |
| 1) Navigate to Network -> Firewall -> General settings -> Zones and set OpenVPN zone to forward traffic to LAN | | 1) Navigate to Network -> Firewall -> General settings -> Zones and set OpenVPN zone to forward traffic to LAN |
− |
| |
| | | |
| This step should be done on all <b>clients</b> that want their LAN subnets be accessible and to access other client's LAN subnets | | This step should be done on all <b>clients</b> that want their LAN subnets be accessible and to access other client's LAN subnets |
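Review bot: the added sentence "in our case, we add all 3 clients" conflicts with the introduction's statement that Client3 can only communicate with the OpenVPN server, unless Client3's "Private network" and "Covered network" fields are filled in differently from those of Client1 and Client2, which the text does not show. Suggest giving the concrete values entered for each of the three clients, and stating explicitly what is entered (or left empty) for Client3 so that its isolation can be checked. Two smaller points in the same hunk: the new step is numbered "1)" while the existing firewall step under this heading is also "1)", and the four blank added lines look like a screenshot that was meant to be included but is missing.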