Changes

m
Edit with screenshots
Line 1: Line 1: −
   
<h1>Introduction</h1>
 
<h1>Introduction</h1>
   −
In this example, we will configure an OpenVPN server and will manage which resources can be accessed by separate clients
+
In this example, we will configure an OpenVPN server, will let Client1 and Client2 communicate, while isolating Client3 to only be able to communicate with OpenVPN server
    
<h1>Generating certificates for an OpenVPN server</h1>
 
<h1>Generating certificates for an OpenVPN server</h1>
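Review bot: The new introduction sentence states that Client3 can only reach the OpenVPN server, but it does not say which setting enforces that, and the sentence is missing a conjunction ("we will configure an OpenVPN server, will let Client1 and Client2 communicate"). Suggest wording along the lines of "we will configure an OpenVPN server that lets Client1 and Client2 communicate while Client3 can reach only the OpenVPN server", followed by one sentence naming where the restriction is applied, so a reader can verify the isolation instead of assuming it.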
Line 17: Line 16:       −
[[File:Certificate download.png|none|thumb|alt=|1000x1000px]]
+
[[File:Certificate download v2.png|none|thumb|alt=|1000x1000px]]
    
For any OpenVPN clients, You will need to generate “Client” certificates, download certificate and key, and send them to the client
 
For any OpenVPN clients, You will need to generate “Client” certificates, download certificate and key, and send them to the client
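Review bot: The instruction next to the replaced screenshot, "download certificate and key, and send them to the client", gives no guidance on how the private key should be transferred. Since this section is being revised, suggest adding that the key file goes to the client over an authenticated, encrypted channel and is deleted from any intermediate location afterwards. The capitalised "You" in the same sentence should be lowercase.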
Line 25: Line 24:  
1) Connect to WebUI and enable Advanced mode
 
1) Connect to WebUI and enable Advanced mode
   −
[[File:Advanced mode toggle.png|none|thumb|alt=|1000x1000px]]
+
[[File:Advanced mode toggle v2.png|none|thumb|alt=|1000x1000px]]
    
2) Navigate to Services -> VPN -> OpenVPN
 
2) Navigate to Services -> VPN -> OpenVPN
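Review bot: The replacement image keeps an empty "alt=" attribute, here and in the other screenshots swapped in this edit. Suggest filling in a short description of what each screenshot shows (for this one, where the Advanced mode toggle is located), so the step remains usable when images do not load.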
Line 34: Line 33:       −
[[File:OpenVPN server settings.png|none|thumb|alt=|1000x1000px]]
+
[[File:OpenVPN server settings v2.png|none|thumb|alt=|1000x1000px]]
    
Virtual network IP address – 10.0.0.0
 
Virtual network IP address – 10.0.0.0
   −
Virtual network netmask – 255.255.255.240
+
Virtual network netmask – 255.255.255.224
    
Client to client – disabled
 
Client to client – disabled
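Review bot: The netmask change from 255.255.255.240 to 255.255.255.224 widens the virtual network from a /28 (14 usable addresses) to a /27 (30 usable addresses, 10.0.0.1 to 10.0.0.30), and the text gives no reason for it. Suggest a short note stating the resulting range, since the TLS client endpoints entered later have to fall inside it. Separately, "Client to client – disabled" now sits under an introduction that says Client1 and Client2 communicate; a sentence explaining that their traffic is routed through the server, where it can be filtered, would stop readers from enabling this option to make the example work, which would let client traffic bypass the server's firewall.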
Line 46: Line 45:  
5) Press "Save & Apply", enable OpenVPN server and check if the server is online
 
5) Press "Save & Apply", enable OpenVPN server and check if the server is online
   −
[[File:OpenVPN server is online.png|none|thumb|alt=|1000x1000px]]
+
[[File:OpenVPN server is online v2.png|none|thumb|alt=|1000x1000px]]
    
<h1>Connecting clients to the OpenVPN server</h1>
 
<h1>Connecting clients to the OpenVPN server</h1>
Line 73: Line 72:     
<h1>Client to Client LAN network communication</h1>
 
<h1>Client to Client LAN network communication</h1>
 +
1) On the OpenVPN server router, navigate to Services -> VPN -> OpenVPN, Press "Edit" on the server, scroll down and add TLS clients
 +
 +
Add clients which LAN address You want to have access to, in our case, we add all 3 clients
 +
 +
 +
 +
 +
Common name - common name of the certificate which was generated previously
 +
Virtual local endpoint - client’s local address in the virtual network.
 +
Virtual remote endpoint - client’s remote address in the virtual network.
 +
Private network - client's LAN subnet
 +
Covered network - Which LAN subnet should clients be able to communicate with in the OpenVPN server
 +
    
This step should be done on OpenVPN server and all clients that want their LAN subnets be accessible and to access other client's LAN subnets
 
This step should be done on OpenVPN server and all clients that want their LAN subnets be accessible and to access other client's LAN subnets
    
1) Navigate to Network -> Firewall -> General settings -> Zones and set OpenVPN zone to forward traffic to LAN
 
1) Navigate to Network -> Firewall -> General settings -> Zones and set OpenVPN zone to forward traffic to LAN
      
This step should be done on all <b>clients</b> that want their LAN subnets be accessible and to access other client's LAN subnets
 
This step should be done on all <b>clients</b> that want their LAN subnets be accessible and to access other client's LAN subnets
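Review bot: The added step says "in our case, we add all 3 clients", which reads as giving Client3 the same TLS client entry and covered network as Client1 and Client2, and that conflicts with the introduction's statement that Client3 can only reach the OpenVPN server. Suggest listing the values entered for each of the three clients, including what Client3's "Covered network" is set to, so the isolation is visible in the configuration. Two smaller points in the same hunk: the new step is numbered "1)" while the firewall steps that follow it are also numbered "1)", and "Virtual local endpoint" and "Virtual remote endpoint" are described in nearly identical terms, so an example address for each would make the difference clear.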