Changes

m
no edit summary
Line 50: Line 50:  
=Creating an OpenVPN server=
 
=Creating an OpenVPN server=
   −
Navigate to '''Services -> VPN -> OpenVPN''', Add a new OpenVPN instance with a Server role with these settings
+
Navigate to '''Services -> VPN -> OpenVPN''', Add a new OpenVPN instance with a Server role with these settings:
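Review bot: In the changed server sentence the comma before "Add" splices two instructions and leaves a capital letter mid-sentence, while the matching client sentence in the Line 70 hunk uses a full stop at the same place. Suggest "Navigate to '''Services -> VPN -> OpenVPN'''. Add a new OpenVPN instance with a Server role with these settings:" so both sections read the same.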
      Line 70: Line 70:  
=Connecting clients to the OpenVPN server=
 
=Connecting clients to the OpenVPN server=
   −
Navigate to '''Services -> VPN -> OpenVPN'''. Add a new OpenVPN instance with a Client role with these settings
+
Navigate to '''Services -> VPN -> OpenVPN'''. Add a new OpenVPN instance with a Client role with these settings:
    
[[File:OpenVPN Client1 v3.png|none|border|center|class=tlt-border]]
 
[[File:OpenVPN Client1 v3.png|none|border|center|class=tlt-border]]
Line 87: Line 87:  
[[File:OpenVPN Client1 connected v2.png|none|border|left|class=tlt-border|1100x1100px]]
 
[[File:OpenVPN Client1 connected v2.png|none|border|left|class=tlt-border|1100x1100px]]
   −
Repeat this step for as many clients as You need. For this example, we will have 3 clients
+
Repeat this step for as many clients as You need. For this example, we will have 3 clients.
    
=Client to Client LAN network communication=
 
=Client to Client LAN network communication=
 
==TLS Clients==
 
==TLS Clients==
   −
  On the OpenVPN server router, navigate to '''Services -> VPN -> OpenVPN''', Press "'''Edit'''" on the server, scroll down and add TLS clients and add clients which LAN address You want to have access to, in our case, we add all 3 clients
+
  On the OpenVPN server router, navigate to '''Services -> VPN -> OpenVPN''', Press "'''Edit'''" on the server, scroll down and add TLS clients and add clients which LAN address You want to have access to, in our case, we add all 3 clients:
 
===TLS Client 1===
 
===TLS Client 1===
 
----
 
----
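Review bot: The TLS Clients sentence is still hard to follow once the colon is added: "add TLS clients and add clients which LAN address You want to have access to" repeats "add" and does not make clear that one entry is needed per client whose LAN should be reachable. Suggest rewording along the lines of "add a TLS client entry for each client whose LAN subnet should be reachable", and lower-casing "You" both here and in "as many clients as You need".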
Line 113: Line 113:  
==Firewall Zones==
 
==Firewall Zones==
   −
This step should be done on OpenVPN server and all clients that want their LAN subnets be accessible and to access other client's LAN subnets
+
This step should be done on OpenVPN server and all clients that want their LAN subnets be accessible and to access other client's LAN subnets.
   −
  Navigate to '''Network -> Firewall -> General settings -> Zones''' and set OpenVPN zone to forward traffic to LAN
+
  Navigate to '''Network -> Firewall -> General settings -> Zones''' and set OpenVPN zone to forward traffic to LAN.
    
[[File:OpenVPN to LAN zone forward v2.png|none|border|left|class=tlt-border|1100x1100px]]
 
[[File:OpenVPN to LAN zone forward v2.png|none|border|left|class=tlt-border|1100x1100px]]
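Review bot: The Firewall Zones step is missing a statement of what it exposes: "set OpenVPN zone to forward traffic to LAN" is given with no mention that the LAN then becomes reachable from the VPN zone on every router where it is applied. Suggest adding one sentence saying so and pointing to the "Controlling access with firewall" section for restricting it. The first sentence also needs "to be" in "want their LAN subnets be accessible".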
Line 123: Line 123:  
==Routes to LAN subnets==
 
==Routes to LAN subnets==
   −
Create a route to other client LAN networks using WebUI. This step should be done on all <b>clients</b> that want their LAN subnets be accessible and to access other client's LAN subnets
+
Create a route to other client LAN networks using WebUI. This step should be done on all <b>clients</b> that want their LAN subnets be accessible and to access other client's LAN subnets.
    
&emsp; 1. Navigate to '''Services -> VPN -> OpenVPN''' press '''"Edit"''' on the OpenVPN client and add routes to other client LAN subnets. In this image, we are editing Client 1's configuration's extra options, to add routes to <b>Client 2's (192.168.20.0/24)</b> and <b>Client 3's (192.168.30.0/24)</b> LAN subnets.
 
&emsp; 1. Navigate to '''Services -> VPN -> OpenVPN''' press '''"Edit"''' on the OpenVPN client and add routes to other client LAN subnets. In this image, we are editing Client 1's configuration's extra options, to add routes to <b>Client 2's (192.168.20.0/24)</b> and <b>Client 3's (192.168.30.0/24)</b> LAN subnets.
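Review bot: The changed sentence in Routes to LAN subnets still has two grammar slips that the added full stop does not address: "want their LAN subnets be accessible" is missing "to", and "other client's LAN subnets" should be the plural possessive "other clients' LAN subnets". The same wording appears in the Firewall Zones hunk, so both are worth fixing together.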
Line 131: Line 131:  
=Controlling access with firewall=
 
=Controlling access with firewall=
   −
Navigate to '''Network -> Firewall -> Access Control''' and create a new deny rule. In this example, we are denying Client 3 from accessing any other clients and their LAN networks
+
Navigate to '''Network -> Firewall -> Access Control''' and create a new deny rule. In this example, we are denying Client 3 from accessing any other clients and their LAN networks.
    
[[File:Deny Client3 rule v2.png|none|border|left|class=tlt-border]]
 
[[File:Deny Client3 rule v2.png|none|border|left|class=tlt-border]]
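Review bot: The changed sentence under "Controlling access with firewall" does not say on which router the deny rule is created; "Navigate to '''Network -> Firewall -> Access Control''' and create a new deny rule" names no device, whereas the TLS Clients step opens with "On the OpenVPN server router". Suggest opening this step the same way so the rule is not created on the wrong device.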
Line 149: Line 149:       −
This rule will deny all traffic from Client 3 to other clients, but will not interact with traffic, if it's destination is OpenVPN server or it's LAN subnet
+
This rule will deny all traffic from Client 3 to other clients, but will not interact with traffic, if it's destination is OpenVPN server or it's LAN subnet.
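Review bot: Both occurrences of "it's" in the changed sentence should be the possessive "its" ("its destination", "its LAN subnet"), and "will not interact with traffic, if" reads awkwardly. Suggest "but will not affect traffic whose destination is the OpenVPN server or its LAN subnet."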