88
edits
Changes
mLine 77:
Line 77: − + − + − + − + − + Line 95:
Line 95: − + Line 103:
Line 103: − + − + − + − + − + Line 126:
Line 126: − + Line 135:
Line 135: − + − + − + − + − + − + Line 154:
Line 154: +
no edit summary
   1) Remote host/IP address - Public IP of the OpenVPN server's router
   1) '''Remote host/IP address''' - Public IP of the OpenVPN server's router
   2) Remote network IP address - 10.0.0.0
   2) '''Remote network IP address''' - 10.0.0.0
   3) Remote network netmask - 255.255.255.224
   3) '''Remote network netmask''' - 255.255.255.224
   4) Add the certificates from the OpenVPN server - Certificate Authority, Client certificate, and Client key which we downloaded in the Certificate Generation step
   4) '''Add the certificates from the OpenVPN server''' - Certificate Authority, Client certificate, and Client key which we downloaded in the Certificate Generation step
  4. Press "Save & Apply", enable OpenVPN client and check if the connection is made
  4. Press "'''Save & Apply'''", enable OpenVPN client and check if the connection is made
[[File:OpenVPN Client1 connected v2.png|none|border|left|class=tlt-border]]
[[File:OpenVPN Client1 connected v2.png|none|border|left|class=tlt-border]]
==TLS Clients==
==TLS Clients==
  1. On the OpenVPN server router, navigate to '''Services -> VPN -> OpenVPN''', Press "'''Edit'''" on the server, scroll down and add TLS clients and add clients which LAN address You want to have access to, in our case, we add all 3 clients
  On the OpenVPN server router, navigate to '''Services -> VPN -> OpenVPN''', Press "'''Edit'''" on the server, scroll down and add TLS clients and add clients which LAN address You want to have access to, in our case, we add all 3 clients
[[File:TLS Client1 v3.png|none|border|left|class=tlt-border]]
[[File:TLS Client1 v3.png|none|border|left|class=tlt-border]]
<ul>
<ul>
<li>Common name - common name of the certificate which was generated previously</li>
<li>'''Common name''' - common name of the certificate which was generated previously</li>
<li>Virtual local endpoint - client’s local address in the virtual network</li>
<li>'''Virtual local endpoint''' - client’s local address in the virtual network</li>
<li>Virtual remote endpoint - client’s remote address in the virtual network</li>
<li>'''Virtual remote endpoint''' - client’s remote address in the virtual network</li>
<li>Private network - client's LAN subnet</li>
<li>'''Private network''' - client's LAN subnet</li>
<li>Covered network - Which LAN subnet should clients be able to communicate with in the OpenVPN server</li>
<li>'''Covered network''' - Which LAN subnet should clients be able to communicate with in the OpenVPN server</li>
</ul>
</ul>
  1. Navigate to '''Services -> VPN -> OpenVPN''' press '''"Edit"''' on the OpenVPN client and add routes to other client LAN subnets. In this image, we are editing Client 1's configuration's extra options, to add routes to <b>Client 2's (192.168.20.0/24)</b> and <b>Client 3's (192.168.30.0/24)</b> LAN subnets.
  1. Navigate to '''Services -> VPN -> OpenVPN''' press '''"Edit"''' on the OpenVPN client and add routes to other client LAN subnets. In this image, we are editing Client 1's configuration's extra options, to add routes to <b>Client 2's (192.168.20.0/24)</b> and <b>Client 3's (192.168.30.0/24)</b> LAN subnets.
[[File:OpenVPN client routes.png|none|border|left|class=tlt-border]]
[[File:OpenVPN client routes v2.png|none|border|left|class=tlt-border]]
=Controlling access with firewall=
=Controlling access with firewall=
   1. Protocol - All protocols
   1. '''Protocol''' - All protocols
   2. Source zone - OpenVPN
   2. '''Source zone''' - OpenVPN
   3. Source IP - OpenVPN remote IP and LAN subnet of client 3
   3. '''Source IP''' - OpenVPN remote IP and LAN subnet of client 3
   4. Destination zone - OpenVPN
   4. '''Destination zone''' - OpenVPN
   5. Destination address - other client OpenVPN remote endpoints and LAN subnets
   5. '''Destination address''' - other client OpenVPN remote endpoints and LAN subnets
   6. Action - Deny
   6. '''Action''' - Deny
If You have followed the steps correctly, configuration should be finished. These should be the results that You will be getting:
If You have followed the steps correctly, configuration should be finished. These should be the results that You will be getting:
Client 1 to Client 2
Client 1 to Client 2
