OpenVPN Access Control: Difference between revisions
m
no edit summary
m (Fixes) |
mNo edit summary |
Line 49: | Line 49: | ||
Connect to WebUI and enable Advanced mode | Connect to WebUI and enable Advanced mode | ||
[[File:Networking rutos manual webui basic advanced mode 75.gif|none| | [[File:Networking rutos manual webui basic advanced mode 75.gif|none|border|center|class=tlt-border]] | ||
Navigate to '''Services -> VPN -> OpenVPN''' | Navigate to '''Services -> VPN -> OpenVPN''' | ||
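Review bot: The new image link for "Networking rutos manual webui basic advanced mode 75.gif" carries two horizontal alignment keywords, "none" and "center", and MediaWiki honours only one alignment keyword per file link, so "center" is unlikely to take effect. Every other image in this revision uses "none|border|left", so this one is also inconsistent with the rest of the page. Suggest keeping a single alignment keyword per image (drop "none" if "left" or "center" is what is wanted) and using the same one throughout.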
Line 58: | Line 58: | ||
[[File:OpenVPN server settings v3.png|none| | [[File:OpenVPN server settings v3.png|none|border|left|class=tlt-border]] | ||
1) Client to client – disabled | 1) Client to client – disabled | ||
Line 102: | Line 102: | ||
==TLS Clients== | ==TLS Clients== | ||
  1. On the OpenVPN server router, navigate to '''Services -> VPN -> OpenVPN''', Press "'''Edit'''" on the server, scroll down and add TLS clients |   1. On the OpenVPN server router, navigate to '''Services -> VPN -> OpenVPN''', Press "'''Edit'''" on the server, scroll down and add TLS clients and add clients which LAN address You want to have access to, in our case, we add all 3 clients | ||
[[File:TLS Client 1 v2.png|none|border|left|class=tlt-border]] | |||
[[File:TLS Client 2.png|none|border|left|class=tlt-border]] | |||
[[File:TLS Client 1 v2.png|none| | [[File:TLS Client 3.png|none|border|left|class=tlt-border]] | ||
[[File:TLS Client 2.png|none| | |||
[[File:TLS Client 3.png|none| | |||
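Review bot: The sentence added to step 1 reads "add TLS clients and add clients which LAN address You want to have access to", which repeats "add", capitalises "You" mid-sentence, and leaves it unclear whether the entries are for clients that gain access or for clients whose LAN becomes reachable. Suggest something like "scroll down and add a TLS client entry for each client whose LAN you want to be reachable; in our case, we add all 3 clients". Because each entry exposes a client LAN to the VPN, it would also help to state that only the clients that need to be reachable should be listed, with the 3 clients here being the example topology.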
Line 125: | Line 123: | ||
  Navigate to '''Network -> Firewall -> General settings -> Zones''' and set OpenVPN zone to forward traffic to LAN |   Navigate to '''Network -> Firewall -> General settings -> Zones''' and set OpenVPN zone to forward traffic to LAN | ||
[[File:OpenVPN to LAN zone forward.png|none| | [[File:OpenVPN to LAN zone forward.png|none|border|left|class=tlt-border]] | ||
Line 135: | Line 133: | ||
  1. Navigate to '''Services -> VPN -> OpenVPN''' press '''"Edit"''' on the OpenVPN client and add routes to other client LAN subnets. In this image, we are editing Client 1's configuration's extra options, to add routes to <b>Client 2's (192.168.20.0/24)</b> and <b>Client 3's (192.168.30.0/24)</b> LAN subnets. |   1. Navigate to '''Services -> VPN -> OpenVPN''' press '''"Edit"''' on the OpenVPN client and add routes to other client LAN subnets. In this image, we are editing Client 1's configuration's extra options, to add routes to <b>Client 2's (192.168.20.0/24)</b> and <b>Client 3's (192.168.30.0/24)</b> LAN subnets. | ||
[[File:OpenVPN client routes.png|none| | [[File:OpenVPN client routes.png|none|border|left|class=tlt-border]] | ||
=Controlling access with firewall= | =Controlling access with firewall= | ||
Line 141: | Line 139: | ||
Navigate to '''Network -> Firewall -> Access Control''' and create a new deny rule. In this example, we are denying Client 3 from accessing any other clients and their LAN networks | Navigate to '''Network -> Firewall -> Access Control''' and create a new deny rule. In this example, we are denying Client 3 from accessing any other clients and their LAN networks | ||
[[File:Deny Client3 rule v2.png|none| | [[File:Deny Client3 rule v2.png|none|border|left|class=tlt-border]] | ||