OpenVPN Access Control: Difference between revisions
m (Version 1 without screenshots) |
m (Edit with screenshots) |
||
Line 1: | Line 1: | ||
<h1>Introduction</h1> | <h1>Introduction</h1> | ||
In this example, we will configure an OpenVPN server and | In this example, we will configure an OpenVPN server, will let Client1 and Client2 communicate, while isolating Client3 to only be able to communicate with OpenVPN server | ||
<h1>Generating certificates for an OpenVPN server</h1> | <h1>Generating certificates for an OpenVPN server</h1> | ||
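Review bot: the new introduction sentence is ungrammatical ("we will configure an OpenVPN server, will let Client1 and Client2 communicate") and ends without a period. Suggested wording: "In this example, we will configure an OpenVPN server that lets Client1 and Client2 communicate, while Client3 can reach only the OpenVPN server." Since the page is about access control, it would also help to say here which setting enforces the isolation, so the reader knows what to look for in the later steps.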
Line 17: | Line 16: | ||
[[File:Certificate download.png|none|thumb|alt=|1000x1000px]] | [[File:Certificate download v2.png|none|thumb|alt=|1000x1000px]] | ||
For any OpenVPN clients, You will need to generate “Client” certificates, download certificate and key, and send them to the client | For any OpenVPN clients, You will need to generate “Client” certificates, download certificate and key, and send them to the client | ||
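Review bot: the sentence "download certificate and key, and send them to the client" is carried over unchanged and still does not say how the private key should be transferred. The TLS clients entries on this page identify each client by the common name of its certificate, so anyone who obtains a client's key can connect as that client. Suggest adding that each client gets its own certificate and that the key is delivered over a protected channel. Minor: "You" should be lowercase mid-sentence.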
Line 25: | Line 24: | ||
1) Connect to WebUI and enable Advanced mode | 1) Connect to WebUI and enable Advanced mode | ||
[[File:Advanced mode toggle.png|none|thumb|alt=|1000x1000px]] | [[File:Advanced mode toggle v2.png|none|thumb|alt=|1000x1000px]] | ||
2) Navigate to Services -> VPN -> OpenVPN | 2) Navigate to Services -> VPN -> OpenVPN | ||
Line 34: | Line 33: | ||
[[File:OpenVPN server settings.png|none|thumb|alt=|1000x1000px]] | [[File:OpenVPN server settings v2.png|none|thumb|alt=|1000x1000px]] | ||
Virtual network IP address – 10.0.0.0 | Virtual network IP address – 10.0.0.0 | ||
Virtual network netmask – 255.255.255. | Virtual network netmask – 255.255.255.224 | ||
Client to client – disabled | Client to client – disabled | ||
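Review bot: the netmask line is now complete (255.255.255.224), but the value is given without explanation. A /27 on 10.0.0.0 leaves 30 usable addresses, and the "Virtual local endpoint" and "Virtual remote endpoint" values entered for the TLS clients have to fall inside that range. Suggest stating this next to the netmask. It would also be worth noting beside "Client to client – disabled" that this setting is part of the access control design, so readers do not switch it on to get Client1 and Client2 talking.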
Line 46: | Line 45: | ||
5) Press "Save & Apply", enable OpenVPN server and check if the server is online | 5) Press "Save & Apply", enable OpenVPN server and check if the server is online | ||
[[File:OpenVPN server is online.png|none|thumb|alt=|1000x1000px]] | [[File:OpenVPN server is online v2.png|none|thumb|alt=|1000x1000px]] | ||
<h1>Connecting clients to the OpenVPN server</h1> | <h1>Connecting clients to the OpenVPN server</h1> | ||
Line 73: | Line 72: | ||
<h1>Client to Client LAN network communication</h1> | <h1>Client to Client LAN network communication</h1> | ||
1) On the OpenVPN server router, navigate to Services -> VPN -> OpenVPN, Press "Edit" on the server, scroll down and add TLS clients | |||
Add clients which LAN address You want to have access to, in our case, we add all 3 clients | |||
Common name - common name of the certificate which was generated previously | |||
Virtual local endpoint - client’s local address in the virtual network. | |||
Virtual remote endpoint - client’s remote address in the virtual network. | |||
Private network - client's LAN subnet | |||
Covered network - Which LAN subnet should clients be able to communicate with in the OpenVPN server | |||
This step should be done on OpenVPN server and all clients that want their LAN subnets be accessible and to access other client's LAN subnets | This step should be done on OpenVPN server and all clients that want their LAN subnets be accessible and to access other client's LAN subnets | ||
1) Navigate to Network -> Firewall -> General settings -> Zones and set OpenVPN zone to forward traffic to LAN | 1) Navigate to Network -> Firewall -> General settings -> Zones and set OpenVPN zone to forward traffic to LAN | ||
This step should be done on all <b>clients</b> that want their LAN subnets be accessible and to access other client's LAN subnets | This step should be done on all <b>clients</b> that want their LAN subnets be accessible and to access other client's LAN subnets |
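Review bot: this hunk removes the whole "add TLS clients" step from the "Client to Client LAN network communication" section, including the definitions of Common name, Virtual local endpoint, Virtual remote endpoint, Private network and Covered network, and nothing visible here replaces it. The removed text said "in our case, we add all 3 clients", which conflicts with the new introduction's goal of isolating Client3, so dropping that sentence makes sense. The field definitions are still needed, though. Covered network in particular decides which LAN subnets a client can reach. If the step has moved elsewhere on the page, confirm that it now lists only Client1 and Client2. If it has not, restore it with Client3 left out. The remaining firewall step (forward the OpenVPN zone to LAN) should also say explicitly whether it applies to Client3. Minor: "want their LAN subnets be accessible" should read "want their LAN subnets to be accessible".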