Line 1: |
Line 1: |
| <h1>Introduction</h1> | | <h1>Introduction</h1> |
| | | |
− | In this example, we will configure an OpenVPN server, will let Client1 and Client2 communicate, while isolating Client3 to only be able to communicate with OpenVPN server | + | In this example, we will configure an OpenVPN server, will let Client1 and Client2 communicate, while isolating Client3 only to be able to communicate with OpenVPN server |
| | | |
| <h1>Generating certificates for an OpenVPN server</h1> | | <h1>Generating certificates for an OpenVPN server</h1> |
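Review bot: The reworded introduction sentence ("isolating Client3 only to be able to communicate with OpenVPN server") is still hard to parse and still lacks the article and the closing period. Since this sentence states the isolation goal that the rest of the page implements, consider something like "Client1 and Client2 will be able to communicate with each other, while Client3 will only be able to communicate with the OpenVPN server."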
Line 15: |
Line 15: |
| 3) In Certificate Manager download Server certificate | | 3) In Certificate Manager download Server certificate |
| | | |
| + | There are multiple methods of how certificates could be generated, you could follow this tutorial instead: |
| + | [[How to generate TLS certificates (Windows)?]] |
| | | |
| [[File:Certificate download v2.png|none|thumb|alt=|1000x1000px]] | | [[File:Certificate download v2.png|none|thumb|alt=|1000x1000px]] |
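Review bot: The two added lines sit between step "3) In Certificate Manager download Server certificate" and its screenshot (Certificate download v2.png), so the image no longer follows the step it illustrates. Move the note and the [[How to generate TLS certificates (Windows)?]] link below the image or to the top of the section. The sentence is also a comma splice; "Certificates can be generated in several ways. Alternatively, follow this tutorial:" reads more cleanly.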
Line 24: |
Line 26: |
| 1) Connect to WebUI and enable Advanced mode | | 1) Connect to WebUI and enable Advanced mode |
| | | |
− | [[File:Advanced mode toggle v2.png|none|thumb|alt=|1000x1000px]] | + | [[File:Networking rutos manual webui basic advanced mode 75.gif|none|thumb|alt=|1000x1000px]] |
| | | |
| 2) Navigate to '''Services -> VPN -> OpenVPN''' | | 2) Navigate to '''Services -> VPN -> OpenVPN''' |
Line 57: |
Line 59: |
| [[File:OpenVPN Client1 v2.png|none|thumb|alt=|1000x1000px]] | | [[File:OpenVPN Client1 v2.png|none|thumb|alt=|1000x1000px]] |
| | | |
− | Remote host/IP address - Public IP of the OpenVPN server's router | + | <ul>Remote host/IP address - Public IP of the OpenVPN server's router |
− | | + | <li>Remote network IP address - 10.0.0.0</li> |
− | Remote network IP address - 10.0.0.0 | + | <li>Remote network netmask - 255.255.255.224</li> |
− | | + | <li>And add the certificates from the OpenVPN server - Certificate Authority, Client certificate, and Client key which we downloaded in the Certificate Generation step</li> |
− | Remote network netmask - 255.255.255.224 | + | </ul> |
− | | |
− | And add the certificates from the OpenVPN server - Certificate Authority, Client certificate, and Client key which we downloaded in the Certificate Generation step | |
− | | |
| 4) Press "Save & Apply", enable OpenVPN client and check if the connection is made | | 4) Press "Save & Apply", enable OpenVPN client and check if the connection is made |
| | | |
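Review bot: The first entry of the new list is not wrapped in a list item. The added line reads "<ul>Remote host/IP address - Public IP of the OpenVPN server's router" with no <li>...</li>, so the text sits directly inside <ul> and will not render as a bullet like the three entries after it. Put <ul> on its own line and wrap the "Remote host/IP address" entry in <li>...</li>, as the second list in this change does. The blank line before step 4 was also removed, so "4) Press "Save & Apply"..." now follows </ul> directly; keeping one blank line there would match the other steps.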
Line 79: |
Line 78: |
| [[File:TLS Client 1.png||none|thumb|alt=|1000x1000px]] | | [[File:TLS Client 1.png||none|thumb|alt=|1000x1000px]] |
| | | |
− | | + | <ul> |
− | Common name - common name of the certificate which was generated previously | + | <li>Common name - common name of the certificate which was generated previously</li> |
− | | + | <li>Virtual local endpoint - client’s local address in the virtual network</li> |
− | Virtual local endpoint - client’s local address in the virtual network | + | <li>Virtual remote endpoint - client’s remote address in the virtual network</li> |
− | | + | <li>Private network - client's LAN subnet</li> |
− | Virtual remote endpoint - client’s remote address in the virtual network | + | <li>Covered network - Which LAN subnet should clients be able to communicate with in the OpenVPN server</li> |
− | | + | </ul> |
− | Private network - client's LAN subnet | |
− | | |
− | Covered network - Which LAN subnet should clients be able to communicate with in the OpenVPN server | |
− | | |
| | | |
| This step should be done on OpenVPN server and all clients that want their LAN subnets be accessible and to access other client's LAN subnets | | This step should be done on OpenVPN server and all clients that want their LAN subnets be accessible and to access other client's LAN subnets |
Line 113: |
Line 108: |
| [[File:Deny Client3 rule.png|none|thumb|alt=|1000x1000px]] | | [[File:Deny Client3 rule.png|none|thumb|alt=|1000x1000px]] |
| | | |
| + | <ul> |
| + | <li>Source interface - OpenVPN</li> |
| + | <li>Destination interface - OpenVPN</li> |
| + | <li>Source IP - OpenVPN remote IP and LAN subnet of client 3</li> |
| + | <li>Destination IP - other client OpenVPN remote endpoints and LAN subnets</li> |
| + | <li>Action - Deny</li> |
| + | </ul> |
| + | This rule will deny all traffic from Client 3 to other clients, but will not interact with traffic, if it's destination is OpenVPN server or it's LAN subnet |
| | | |
− | Source interface - OpenVPN
| + | <h1>See also</h1> |
− | | + | <ul> |
− | Destination interface - OpenVPN
| + | <li>[[OpenVPN_configuration_examples_RUT_R_00.07|OpenVPN configuration examples]]</li> |
− | | + | </ul> |
− | Source IP - OpenVPN remote IP and LAN subnet of client 3
| |
− | | |
− | Destination IP - other client OpenVPN remote endpoints and LAN subnets
| |
− | | |
− | Action - Deny
| |
− | | |
− | This rule will deny all traffic from Client 3 to other clients, but will not interact with traffic, if it's destination is OpenVPN server or it's LAN subnet
| |
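Review bot: The deny rule as listed matches only traffic whose source is Client 3 (Source IP: "OpenVPN remote IP and LAN subnet of client 3"), and the closing sentence only describes traffic "from Client 3 to other clients". The page does not say what happens to connections that Client 1 or Client 2 initiate toward Client 3, although the introduction promises that Client 3 can communicate with the OpenVPN server only. Add a sentence stating how that direction is handled, or document a mirrored rule if one is needed. In the same sentence, "it's destination" and "it's LAN subnet" should be "its", and "will not interact with traffic" would be clearer as "will not affect traffic".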