Line 77: |
Line 77: |
| | | |
| | | |
− |    1) Remote host/IP address - Public IP of the OpenVPN server's router | + |    1) '''Remote host/IP address''' - Public IP of the OpenVPN server's router |
| | | |
− |    2) Remote network IP address - 10.0.0.0 | + |    2) '''Remote network IP address''' - 10.0.0.0 |
| | | |
− |    3) Remote network netmask - 255.255.255.224 | + |    3) '''Remote network netmask''' - 255.255.255.224 |
| | | |
− |    4) Add the certificates from the OpenVPN server - Certificate Authority, Client certificate, and Client key which we downloaded in the Certificate Generation step | + |    4) '''Add the certificates from the OpenVPN server''' - Certificate Authority, Client certificate, and Client key which we downloaded in the Certificate Generation step |
| | | |
| | | |
− |   4. Press "Save & Apply", enable OpenVPN client and check if the connection is made | + |   4. Press "'''Save & Apply'''", enable OpenVPN client and check if the connection is made |
| | | |
| [[File:OpenVPN Client1 connected v2.png|none|border|left|class=tlt-border]] | | [[File:OpenVPN Client1 connected v2.png|none|border|left|class=tlt-border]] |
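Review bot: sub-step 4) lists the "Client key" next to the CA and client certificate but does not say that the certificate and key must be the pair generated for this particular client. Since the key is the client's private credential, consider wording it as "the Client certificate and Client key generated for this client". Separately, sub-step "4)" is followed directly by top-level step "4.", which reads like a repeated number; lettering the sub-steps (a, b, c, d) would avoid that. The bold placement is also inconsistent with the rest of the page: here the quotes sit outside the bold ("'''Save & Apply'''"), while the Line 126 context uses '''"Edit"''' with the quotes inside.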
Line 95: |
Line 95: |
| ==TLS Clients== | | ==TLS Clients== |
| | | |
− |   1. On the OpenVPN server router, navigate to '''Services -> VPN -> OpenVPN''', Press "'''Edit'''" on the server, scroll down and add TLS clients and add clients which LAN address You want to have access to, in our case, we add all 3 clients | + |   On the OpenVPN server router, navigate to '''Services -> VPN -> OpenVPN''', Press "'''Edit'''" on the server, scroll down and add TLS clients and add clients which LAN address You want to have access to, in our case, we add all 3 clients |
| | | |
| [[File:TLS Client1 v3.png|none|border|left|class=tlt-border]] | | [[File:TLS Client1 v3.png|none|border|left|class=tlt-border]] |
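Review bot: the new line drops the "1." but keeps the leading indentation, so check that it does not render as a preformatted block. The sentence itself is still hard to follow ("add TLS clients and add clients which LAN address You want to have access to"). Something like "scroll down to TLS clients and add an entry for each client whose LAN should be reachable; in our case, all 3 clients" says the same thing in one pass.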
Line 103: |
Line 103: |
| | | |
| <ul> | | <ul> |
− | <li>Common name - common name of the certificate which was generated previously</li> | + | <li>'''Common name''' - common name of the certificate which was generated previously</li> |
− | <li>Virtual local endpoint - client’s local address in the virtual network</li> | + | <li>'''Virtual local endpoint''' - client’s local address in the virtual network</li> |
− | <li>Virtual remote endpoint - client’s remote address in the virtual network</li> | + | <li>'''Virtual remote endpoint''' - client’s remote address in the virtual network</li> |
− | <li>Private network - client's LAN subnet</li> | + | <li>'''Private network''' - client's LAN subnet</li> |
− | <li>Covered network - Which LAN subnet should clients be able to communicate with in the OpenVPN server</li> | + | <li>'''Covered network''' - Which LAN subnet should clients be able to communicate with in the OpenVPN server</li> |
| </ul> | | </ul> |
| | | |
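Review bot: the "Covered network" item is phrased as a question fragment ("Which LAN subnet should clients be able to communicate with in the OpenVPN server") and capitalises "Which", unlike the four items above it. Because this field decides how much of the server-side LAN a client can reach, a direct definition would be clearer, for example "server-side LAN subnet that this client is allowed to reach". The "Common name" item could also say that it must match the client certificate's common name exactly, since that is the only identifier the list gives for tying an entry to a client.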
Line 126: |
Line 126: |
|   1. Navigate to '''Services -> VPN -> OpenVPN''' press '''"Edit"''' on the OpenVPN client and add routes to other client LAN subnets. In this image, we are editing Client 1's configuration's extra options, to add routes to <b>Client 2's (192.168.20.0/24)</b> and <b>Client 3's (192.168.30.0/24)</b> LAN subnets. | |   1. Navigate to '''Services -> VPN -> OpenVPN''' press '''"Edit"''' on the OpenVPN client and add routes to other client LAN subnets. In this image, we are editing Client 1's configuration's extra options, to add routes to <b>Client 2's (192.168.20.0/24)</b> and <b>Client 3's (192.168.30.0/24)</b> LAN subnets. |
| | | |
− | [[File:OpenVPN client routes.png|none|border|left|class=tlt-border]] | + | [[File:OpenVPN client routes v2.png|none|border|left|class=tlt-border]] |
| | | |
| =Controlling access with firewall= | | =Controlling access with firewall= |
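Review bot: the image is swapped to "OpenVPN client routes v2.png" while the sentence above it is unchanged and still states that the screenshot shows routes to 192.168.20.0/24 and 192.168.30.0/24. Please confirm the v2 screenshot shows exactly those two subnets, or update the text to match. The same paragraph mixes <b>...</b> with the '''...''' bold used everywhere else in this change; converting it would keep the markup consistent.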
Line 135: |
Line 135: |
| | | |
| | | |
− |    1. Protocol - All protocols | + |    1. '''Protocol''' - All protocols |
| | | |
− |    2. Source zone - OpenVPN | + |    2. '''Source zone''' - OpenVPN |
| | | |
− |    3. Source IP - OpenVPN remote IP and LAN subnet of client 3 | + |    3. '''Source IP''' - OpenVPN remote IP and LAN subnet of client 3 |
| | | |
− |    4. Destination zone - OpenVPN | + |    4. '''Destination zone''' - OpenVPN |
| | | |
− |    5. Destination address - other client OpenVPN remote endpoints and LAN subnets | + |    5. '''Destination address''' - other client OpenVPN remote endpoints and LAN subnets |
| | | |
− |    6. Action - Deny | + |    6. '''Action''' - Deny |
| | | |
| | | |
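Review bot: items 3 and 5 describe the rule's addresses only in words ("OpenVPN remote IP and LAN subnet of client 3", "other client OpenVPN remote endpoints and LAN subnets"), while the routing step earlier on the page gives the concrete subnets (192.168.20.0/24, 192.168.30.0/24). Listing the actual values here would make the Deny rule reproducible and easier to audit. As written, the rule also only covers traffic sourced from client 3; the text should say whether connections initiated from the other clients towards client 3 are meant to stay allowed, or whether a second rule is needed for that direction.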
Line 154: |
Line 154: |
| | | |
| If You have followed the steps correctly, configuration should be finished. These should be the results that You will be getting: | | If You have followed the steps correctly, configuration should be finished. These should be the results that You will be getting: |
| + | |
| | | |
| Client 1 to Client 2 | | Client 1 to Client 2 |