OpenVPN Access Control: Difference between revisions
m
Version 1 without screenshots
mNo edit summary |
m (Version 1 without screenshots) |
||
Line 59: | Line 59: | ||
Remote host/IP address - Public IP of the OpenVPN server's router | Remote host/IP address - Public IP of the OpenVPN server's router | ||
. | |||
Remote network IP address - 10.0.0.0 | Remote network IP address - 10.0.0.0 | ||
Line 72: | Line 72: | ||
5) Repeat this step for as many clients as You need. For this example, we will have 3 clients | 5) Repeat this step for as many clients as You need. For this example, we will have 3 clients | ||
<h1>Controlling access with | <h1>Client to Client LAN network communication</h1> | ||
This step should be done on OpenVPN server and all clients that want their LAN subnets be accessible and to access other client's LAN subnets | |||
1) Navigate to Network -> Firewall -> General settings -> Zones and set OpenVPN zone to forward traffic to LAN | |||
This step should be done on all <b>clients</b> that want their LAN subnets be accessible and to access other client's LAN subnets | |||
1) Create a route to other client LAN networks using WebUI or CLI. To create route from client 1's LAN to client 2's LAN using CLI use this command | |||
ip route add 192.168.20.0/24 via 10.0.0.6 | |||
<h1>Controlling access with firewall</h1> | |||
1) Navigate to Network -> Firewall -> Access Control | |||
2) Create a new deny rule. In this example, we are denying Client 3 from accessing any other clients and their LAN networks | |||
Source interface - OpenVPN | |||
Destination interface - OpenVPN | |||
Source IP - OpenVPN remote IP and LAN subnet of client 3 | |||
Destination IP - other client OpenVPN remote endpoints and LAN subnets | |||
This rule will deny all traffic from Client 3 to other clients, but will not interact with traffic, if it's destination is OpenVPN server or it's LAN subnet |
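Review bot: the new "Controlling access with firewall" steps never say which device the deny rule is created on, while the section just above it applies its steps to "OpenVPN server and all clients", so a reader can easily add the rule on the wrong router. Name the device in step 1. Also state that the rule only takes effect when traffic between clients is forwarded through that device's firewall; if the OpenVPN server's client-to-client option is enabled, that traffic is relayed inside OpenVPN and never reaches the rule. In the "Client to Client LAN network communication" section, the command "ip route add 192.168.20.0/24 via 10.0.0.6" uses two addresses the hunk does not explain (presumably client 2's LAN subnet and the tunnel-side gateway), and a route added this way is lost on reboot, so the WebUI static route that the text mentions should be shown as the persistent option. The two consecutive blocks that each start with "This step should be done on" and each number their only step "1)" would read better as one numbered list with the scope stated per step. In the last line, "it's destination" and "it's LAN subnet" should be "its".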