73
edits
Changes
mLine 1:
Line 1: − + Line 15:
Line 15: + + Line 24:
Line 26: − + Line 57:
Line 59: − + − + − + − + − + − − − Line 79:
Line 78: − + − + − + − + − + − + − + − − − − Line 113:
Line 108: + + + + + + + + − Source interface - OpenVPN+ − + − Destination interface - OpenVPN+ − + − Source IP - OpenVPN remote IP and LAN subnet of client 3 − − Destination IP - other client OpenVPN remote endpoints and LAN subnets − − Action - Deny − − This rule will deny all traffic from Client 3 to other clients, but will not interact with traffic, if it's destination is OpenVPN server or it's LAN subnet
Edit 2
<h1>Introduction</h1>
<h1>Introduction</h1>
In this example, we will configure an OpenVPN server, will let Client1 and Client2 communicate, while isolating Client3 to only be able to communicate with OpenVPN server
In this example, we will configure an OpenVPN server, will let Client1 and Client2 communicate, while isolating Client3 only to be able to communicate with OpenVPN server
<h1>Generating certificates for an OpenVPN server</h1>
<h1>Generating certificates for an OpenVPN server</h1>
3) In Certificate Manager download Server certificate
3) In Certificate Manager download Server certificate
There are multiple methods of how certificates could be generated, you could follow this tutorial instead:
[[How to generate TLS certificates (Windows)?]]
[[File:Certificate download v2.png|none|thumb|alt=|1000x1000px]]
[[File:Certificate download v2.png|none|thumb|alt=|1000x1000px]]
1) Connect to WebUI and enable Advanced mode
1) Connect to WebUI and enable Advanced mode
[[File:Advanced mode toggle v2.png|none|thumb|alt=|1000x1000px]]
[[File:Networking rutos manual webui basic advanced mode 75.gif|none|thumb|alt=|1000x1000px]]
2) Navigate to '''Services -> VPN -> OpenVPN'''
2) Navigate to '''Services -> VPN -> OpenVPN'''
[[File:OpenVPN Client1 v2.png|none|thumb|alt=|1000x1000px]]
[[File:OpenVPN Client1 v2.png|none|thumb|alt=|1000x1000px]]
Remote host/IP address - Public IP of the OpenVPN server's router
<ul>Remote host/IP address - Public IP of the OpenVPN server's router
<li>Remote network IP address - 10.0.0.0</li>
Remote network IP address - 10.0.0.0
<li>Remote network netmask - 255.255.255.224</li>
<li>And add the certificates from the OpenVPN server - Certificate Authority, Client certificate, and Client key which we downloaded in the Certificate Generation step</li>
Remote network netmask - 255.255.255.224
</ul>
And add the certificates from the OpenVPN server - Certificate Authority, Client certificate, and Client key which we downloaded in the Certificate Generation step
4) Press "Save & Apply", enable OpenVPN client and check if the connection is made
4) Press "Save & Apply", enable OpenVPN client and check if the connection is made
[[File:TLS Client 1.png||none|thumb|alt=|1000x1000px]]
[[File:TLS Client 1.png||none|thumb|alt=|1000x1000px]]
<ul>
Common name - common name of the certificate which was generated previously
<li>Common name - common name of the certificate which was generated previously</li>
<li>Virtual local endpoint - client’s local address in the virtual network</li>
Virtual local endpoint - client’s local address in the virtual network
<li>Virtual remote endpoint - client’s remote address in the virtual network</li>
<li>Private network - client's LAN subnet</li>
Virtual remote endpoint - client’s remote address in the virtual network
<li>Covered network - Which LAN subnet should clients be able to communicate with in the OpenVPN server</li>
</ul>
Private network - client's LAN subnet
Covered network - Which LAN subnet should clients be able to communicate with in the OpenVPN server
This step should be done on OpenVPN server and all clients that want their LAN subnets be accessible and to access other client's LAN subnets
This step should be done on OpenVPN server and all clients that want their LAN subnets be accessible and to access other client's LAN subnets
[[File:Deny Client3 rule.png|none|thumb|alt=|1000x1000px]]
[[File:Deny Client3 rule.png|none|thumb|alt=|1000x1000px]]
<ul>
<li>Source interface - OpenVPN</li>
<li>Destination interface - OpenVPN</li>
<li>Source IP - OpenVPN remote IP and LAN subnet of client 3</li>
<li>Destination IP - other client OpenVPN remote endpoints and LAN subnets</li>
<li>Action - Deny</li>
</ul>
This rule will deny all traffic from Client 3 to other clients, but will not interact with traffic, if it's destination is OpenVPN server or it's LAN subnet
<h1>See also</h1>
<ul>
<li>[[OpenVPN_configuration_examples_RUT_R_00.07|OpenVPN configuration examples]]</li>
</ul>
