OpenVPN Access Control: Difference between revisions
m No edit summary | m No edit summary
Line 77: | Line 77: | ||
   1) Remote host/IP address - Public IP of the OpenVPN server's router |    1) '''Remote host/IP address''' - Public IP of the OpenVPN server's router | ||
   2) Remote network IP address - 10.0.0.0 |    2) '''Remote network IP address''' - 10.0.0.0 | ||
   3) Remote network netmask - 255.255.255.224 |    3) '''Remote network netmask''' - 255.255.255.224 | ||
   4) Add the certificates from the OpenVPN server - Certificate Authority, Client certificate, and Client key which we downloaded in the Certificate Generation step |    4) '''Add the certificates from the OpenVPN server''' - Certificate Authority, Client certificate, and Client key which we downloaded in the Certificate Generation step | ||
  4. Press "Save & Apply", enable OpenVPN client and check if the connection is made |   4. Press "'''Save & Apply'''", enable OpenVPN client and check if the connection is made | ||
[[File:OpenVPN Client1 connected v2.png|none|border|left|class=tlt-border]] | [[File:OpenVPN Client1 connected v2.png|none|border|left|class=tlt-border]] | ||
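Review bot: sub-step 3's netmask 255.255.255.224 defines a /27 (10.0.0.0 to 10.0.0.31), and the text should say this has to match the virtual network size configured on the server, because a mismatch leaves the client without a route back to the server-side subnet even though the tunnel comes up. In sub-step 4, "the Certificate Generation step" is referenced by name only; make it a link to that section so the reader can find the files being uploaded.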
Line 95: | Line 95: | ||
==TLS Clients== | ==TLS Clients== | ||
  |   On the OpenVPN server router, navigate to '''Services -> VPN -> OpenVPN''', Press "'''Edit'''" on the server, scroll down and add TLS clients and add clients which LAN address You want to have access to, in our case, we add all 3 clients | ||
[[File:TLS Client1 v3.png|none|border|left|class=tlt-border]] | [[File:TLS Client1 v3.png|none|border|left|class=tlt-border]] | ||
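Review bot: the sentence added in this hunk, "add TLS clients and add clients which LAN address You want to have access to", repeats "add clients" and leaves its object unclear; suggest "add a TLS client entry for each client whose LAN subnet should be reachable through the tunnel (in our case all three clients)". "You" should also be lower-case here, as in the rest of the page.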
Line 103: | Line 103: | ||
<ul> | <ul> | ||
<li>Common name - common name of the certificate which was generated previously</li> | <li>'''Common name''' - common name of the certificate which was generated previously</li> | ||
<li>Virtual local endpoint - client’s local address in the virtual network</li> | <li>'''Virtual local endpoint''' - client’s local address in the virtual network</li> | ||
<li>Virtual remote endpoint - client’s remote address in the virtual network</li> | <li>'''Virtual remote endpoint''' - client’s remote address in the virtual network</li> | ||
<li>Private network - client's LAN subnet</li> | <li>'''Private network''' - client's LAN subnet</li> | ||
<li>Covered network - Which LAN subnet should clients be able to communicate with in the OpenVPN server</li> | <li>'''Covered network''' - Which LAN subnet should clients be able to communicate with in the OpenVPN server</li> | ||
</ul> | </ul> | ||
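Review bot: the "Virtual local endpoint" and "Virtual remote endpoint" bullets say only "client's local/remote address in the virtual network" without stating whose perspective that is; suggest noting that these are the two addresses of that client's point-to-point link inside the 10.0.0.0 tunnel network and must not overlap with another client's pair. The "Common name" bullet should add that the value must match the CN in the client certificate exactly, since that is how the server ties this entry to the connecting client.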
Line 126: | Line 126: | ||
  1. Navigate to '''Services -> VPN -> OpenVPN''' press '''"Edit"''' on the OpenVPN client and add routes to other client LAN subnets. In this image, we are editing Client 1's configuration's extra options, to add routes to <b>Client 2's (192.168.20.0/24)</b> and <b>Client 3's (192.168.30.0/24)</b> LAN subnets. |   1. Navigate to '''Services -> VPN -> OpenVPN''' press '''"Edit"''' on the OpenVPN client and add routes to other client LAN subnets. In this image, we are editing Client 1's configuration's extra options, to add routes to <b>Client 2's (192.168.20.0/24)</b> and <b>Client 3's (192.168.30.0/24)</b> LAN subnets. | ||
[[File:OpenVPN client routes.png|none|border|left|class=tlt-border]] | [[File:OpenVPN client routes v2.png|none|border|left|class=tlt-border]] | ||
=Controlling access with firewall= | =Controlling access with firewall= | ||
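Review bot: step 1 says to "add routes to other client LAN subnets" in the extra options but never shows the lines to add; for the subnets named, the reader needs the OpenVPN route directives, e.g. "route 192.168.20.0 255.255.255.0" and "route 192.168.30.0 255.255.255.0", and it is worth stating that return traffic only works because the server already has each client's "Private network" from the TLS client entries. The image reference also changes from OpenVPN client routes.png to OpenVPN client routes v2.png; confirm the new file is uploaded so the page does not show a broken image.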
Line 135: | Line 135: | ||
   1. Protocol - All protocols |    1. '''Protocol''' - All protocols | ||
   2. Source zone - OpenVPN |    2. '''Source zone''' - OpenVPN | ||
   3. Source IP - OpenVPN remote IP and LAN subnet of client 3 |    3. '''Source IP''' - OpenVPN remote IP and LAN subnet of client 3 | ||
   4. Destination zone - OpenVPN |    4. '''Destination zone''' - OpenVPN | ||
   5. Destination address - other client OpenVPN remote endpoints and LAN subnets |    5. '''Destination address''' - other client OpenVPN remote endpoints and LAN subnets | ||
   6. Action - Deny |    6. '''Action''' - Deny | ||
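Review bot: the Deny rule in this hunk only matches traffic whose source is client 3 (sub-steps 3 and 5), so connections initiated from client 1 or client 2 toward client 3 are not blocked by it; if the goal is full isolation of client 3, a mirror rule with client 3's endpoint and LAN subnet as the destination is needed. The text should also say that this rule has to sit above any accept rule for OpenVPN-to-OpenVPN forwarding, since traffic rules are evaluated in order, and that both zones being "OpenVPN" presumes a firewall zone of that name already covers the tunnel interface.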
Line 154: | Line 154: | ||
If You have followed the steps correctly, configuration should be finished. These should be the results that You will be getting: | If You have followed the steps correctly, configuration should be finished. These should be the results that You will be getting: | ||
Client 1 to Client 2 | Client 1 to Client 2 |
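Review bot: "These should be the results that You will be getting" is awkward and capitalises "You"; suggest "you should see the following results". Since the results section begins with "Client 1 to Client 2", state for each client pair whether the expected outcome is reachable or blocked, so the reader can tell the deny rule from the previous section is working for the client 3 pairs.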