
OpenVPN Access Control: Difference between revisions



Remote host/IP address - Public IP of the OpenVPN server's router
Remote network IP address - 10.0.0.0


5) Repeat this step for as many clients as you need. For this example, we will have 3 clients.


<h1>Client to Client LAN network communication</h1>
 
This step should be done on the OpenVPN server and on all clients whose LAN subnets should be reachable and that need to reach the other clients' LAN subnets.
 
1) Navigate to Network -> Firewall -> General settings -> Zones and set the OpenVPN zone to forward traffic to the LAN zone.
 
 
This step should be done on all <b>clients</b> whose LAN subnets should be reachable and that need to reach the other clients' LAN subnets.
 
1) Create a route to each of the other clients' LAN networks using the WebUI or the CLI. To create a route from client 1 to client 2's LAN (192.168.20.0/24) via client 2's OpenVPN tunnel address (10.0.0.6) using the CLI, run the following command:
 
ip route add 192.168.20.0/24 via 10.0.0.6
 
<h1>Controlling access with firewall</h1>
 
1) Navigate to Network -> Firewall -> Access Control
 
2) Create a new deny rule. In this example, we are denying Client 3 access to the other clients and their LAN networks.
 
Source interface - OpenVPN
 
Destination interface - OpenVPN
 
Source IP - Client 3's OpenVPN remote (tunnel) IP and LAN subnet
 
Destination IP - the other clients' OpenVPN remote endpoints and LAN subnets


This rule denies all traffic from Client 3 to the other clients, but it does not affect traffic whose destination is the OpenVPN server itself or the server's LAN subnet: that traffic is either delivered locally on the server or forwarded into the LAN zone, so it never matches a rule whose destination interface is OpenVPN.
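The two procedures above (the per-client routes and the deny rule) as one added shell example. This is not code from the original page or from the router vendor: it prints the ip route add commands each client needs and expresses the deny rule as UCI commands, the CLI form of the WebUI fields Source/Destination interface and Source/Destination IP. It assumes firewall zones named openvpn and lan, a constructed three-client address plan in which only client 2's values (LAN 192.168.20.0/24, tunnel address 10.0.0.6) come from the page, and that the deny rule is applied on the OpenVPN server, where client-to-client traffic is forwarded.

```shell
#!/bin/sh
# Added example, not from the original page: generate the per-client routes and
# the UCI firewall rule for a three-client OpenVPN topology.
#
# Constructed client table, one client per line: "<name> <tunnel IP> <LAN subnet>".
# Client 2's values match the route shown on the page; the other two are assumptions.
CLIENTS='client1 10.0.0.10 192.168.10.0/24
client2 10.0.0.6 192.168.20.0/24
client3 10.0.0.14 192.168.30.0/24'

# "Client to Client LAN network communication", part 1 (server and clients):
# UCI commands that let the OpenVPN zone forward into the LAN zone.
# Zone names "openvpn" and "lan" are assumed.
zone_forward_cmds() {
    echo "uci add firewall forwarding"
    echo "uci set firewall.@forwarding[-1].src='openvpn'"
    echo "uci set firewall.@forwarding[-1].dest='lan'"
    echo "uci commit firewall"
}

# Part 2 (clients only): the "ip route add" commands a given client needs so
# that every other client's LAN is reached through that client's tunnel address.
routes_for() {
    me="$1"
    printf '%s\n' "$CLIENTS" | while read -r name tun lan; do
        if [ "$name" != "$me" ]; then
            echo "ip route add $lan via $tun"
        fi
    done
}

# "Controlling access with firewall": a DROP rule from zone openvpn to zone
# openvpn, matching one client's tunnel address and LAN as source and every
# other client's tunnel address and LAN as destination. Traffic to the server
# or its LAN is delivered locally or forwarded into the lan zone, so it does
# not match. Option names are the standard OpenWrt firewall rule options;
# src_ip and dest_ip accept lists, hence uci add_list.
deny_rule_for() {
    me="$1"
    echo "uci add firewall rule"
    echo "uci set firewall.@rule[-1].name='deny_${me}_to_peers'"
    echo "uci set firewall.@rule[-1].src='openvpn'"
    echo "uci set firewall.@rule[-1].dest='openvpn'"
    echo "uci set firewall.@rule[-1].proto='all'"
    echo "uci set firewall.@rule[-1].target='DROP'"
    printf '%s\n' "$CLIENTS" | while read -r name tun lan; do
        if [ "$name" = "$me" ]; then
            echo "uci add_list firewall.@rule[-1].src_ip='$tun'"
            echo "uci add_list firewall.@rule[-1].src_ip='$lan'"
        else
            echo "uci add_list firewall.@rule[-1].dest_ip='$tun'"
            echo "uci add_list firewall.@rule[-1].dest_ip='$lan'"
        fi
    done
    echo "uci commit firewall"
    echo "/etc/init.d/firewall reload"
}

# Usage: "sh thisfile.sh show" prints the commands for review; run the route
# lines on the client in question and the deny rule on the server.
if [ "${1:-}" = "show" ]; then
    zone_forward_cmds
    routes_for client1
    deny_rule_for client3
fi
```

The script only prints commands, so the output can be checked before anything touches the router. Two checks worth making when applying it: the deny rule must be placed above any rule that allows OpenVPN-to-OpenVPN traffic, because firewall rules are matched in order, and a route added with ip route add does not survive a reboot, so a route that must persist should be added as a static route instead.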