73
edits
Changes
mLine 59:
Line 59: − + Line 72:
Line 72: − + + + + + + + + + + + + + + + + + + + + + + + + + + − 1)+
Version 1 without screenshots
Remote host/IP address - Public IP of the OpenVPN server's router
Remote host/IP address - Public IP of the OpenVPN server's router
.
Remote network IP address - 10.0.0.0
Remote network IP address - 10.0.0.0
5) Repeat this step for as many clients as You need. For this example, we will have 3 clients
5) Repeat this step for as many clients as You need. For this example, we will have 3 clients
<h1>Controlling access with traffic rules</h1>
<h1>Client to Client LAN network communication</h1>
This step should be done on OpenVPN server and all clients that want their LAN subnets be accessible and to access other client's LAN subnets
1) Navigate to Network -> Firewall -> General settings -> Zones and set OpenVPN zone to forward traffic to LAN
This step should be done on all <b>clients</b> that want their LAN subnets be accessible and to access other client's LAN subnets
1) Create a route to other client LAN networks using WebUI or CLI. To create route from client 1's LAN to client 2's LAN using CLI use this command
ip route add 192.168.20.0/24 via 10.0.0.6
<h1>Controlling access with firewall</h1>
1) Navigate to Network -> Firewall -> Access Control
2) Create a new deny rule. In this example, we are denying Client 3 from accessing any other clients and their LAN networks
Source interface - OpenVPN
Destination interface - OpenVPN
Source IP - OpenVPN remote IP and LAN subnet of client 3
Destination IP - other client OpenVPN remote endpoints and LAN subnets
This rule will deny all traffic from Client 3 to other clients, but will not interact with traffic, if it's destination is OpenVPN server or it's LAN subnet
