Line 50: |
Line 50: |
| =Creating an OpenVPN server= | | =Creating an OpenVPN server= |
| | | |
− | Navigate to '''Services -> VPN -> OpenVPN''', Add a new OpenVPN instance with a Server role with these settings | + | Navigate to '''Services -> VPN -> OpenVPN''', Add a new OpenVPN instance with a Server role with these settings: |
| | | |
| | | |
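Review bot: The changed sentence still joins two instructions with a comma and a capitalised "Add" ("'''Services -> VPN -> OpenVPN''', Add a new OpenVPN instance"), while the matching client sentence at line 70 uses a full stop ("OpenVPN'''. Add a new OpenVPN instance"). Suggest using the full stop here too so both steps read the same way.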
Line 70: |
Line 70: |
| =Connecting clients to the OpenVPN server= | | =Connecting clients to the OpenVPN server= |
| | | |
− | Navigate to '''Services -> VPN -> OpenVPN'''. Add a new OpenVPN instance with a Client role with these settings | + | Navigate to '''Services -> VPN -> OpenVPN'''. Add a new OpenVPN instance with a Client role with these settings: |
| | | |
| [[File:OpenVPN Client1 v3.png|none|border|center|class=tlt-border]] | | [[File:OpenVPN Client1 v3.png|none|border|center|class=tlt-border]] |
Line 87: |
Line 87: |
| [[File:OpenVPN Client1 connected v2.png|none|border|left|class=tlt-border|1100x1100px]] | | [[File:OpenVPN Client1 connected v2.png|none|border|left|class=tlt-border|1100x1100px]] |
| | | |
− | Repeat this step for as many clients as You need. For this example, we will have 3 clients | + | Repeat this step for as many clients as You need. For this example, we will have 3 clients. |
| | | |
| =Client to Client LAN network communication= | | =Client to Client LAN network communication= |
| ==TLS Clients== | | ==TLS Clients== |
| | | |
− |   On the OpenVPN server router, navigate to '''Services -> VPN -> OpenVPN''', Press "'''Edit'''" on the server, scroll down and add TLS clients and add clients which LAN address You want to have access to, in our case, we add all 3 clients | + |   On the OpenVPN server router, navigate to '''Services -> VPN -> OpenVPN''', Press "'''Edit'''" on the server, scroll down and add TLS clients and add clients which LAN address You want to have access to, in our case, we add all 3 clients: |
| ===TLS Client 1=== | | ===TLS Client 1=== |
| ---- | | ---- |
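Review bot: The TLS Clients sentence is still hard to follow after the punctuation fix: "add TLS clients and add clients which LAN address You want to have access to" repeats "add" and uses "which" where "whose" is meant. Suggest something like "add a TLS client entry for each client whose LAN you want to have access to; in our case, we add all 3 clients", and lower-case the mid-sentence "You" here and in "as many clients as You need". The line also starts with whitespace; if that is a plain space, MediaWiki renders the line as a preformatted block.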
Line 113: |
Line 113: |
| ==Firewall Zones== | | ==Firewall Zones== |
| | | |
− | This step should be done on OpenVPN server and all clients that want their LAN subnets be accessible and to access other client's LAN subnets | + | This step should be done on OpenVPN server and all clients that want their LAN subnets be accessible and to access other client's LAN subnets. |
| | | |
− |   Navigate to '''Network -> Firewall -> General settings -> Zones''' and set OpenVPN zone to forward traffic to LAN | + |   Navigate to '''Network -> Firewall -> General settings -> Zones''' and set OpenVPN zone to forward traffic to LAN. |
| | | |
| [[File:OpenVPN to LAN zone forward v2.png|none|border|left|class=tlt-border|1100x1100px]] | | [[File:OpenVPN to LAN zone forward v2.png|none|border|left|class=tlt-border|1100x1100px]] |
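Review bot: The instruction "set OpenVPN zone to forward traffic to LAN" gives no hint that the zone forward is not limited to particular clients, and the only restriction on this page appears later under "Controlling access with firewall". Suggest adding a sentence after this step that points the reader to that section when not every client should reach this LAN.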
Line 123: |
Line 123: |
| ==Routes to LAN subnets== | | ==Routes to LAN subnets== |
| | | |
− | Create a route to other client LAN networks using WebUI. This step should be done on all <b>clients</b> that want their LAN subnets be accessible and to access other client's LAN subnets | + | Create a route to other client LAN networks using WebUI. This step should be done on all <b>clients</b> that want their LAN subnets be accessible and to access other client's LAN subnets. |
| | | |
|   1. Navigate to '''Services -> VPN -> OpenVPN''' press '''"Edit"''' on the OpenVPN client and add routes to other client LAN subnets. In this image, we are editing Client 1's configuration's extra options, to add routes to <b>Client 2's (192.168.20.0/24)</b> and <b>Client 3's (192.168.30.0/24)</b> LAN subnets. | |   1. Navigate to '''Services -> VPN -> OpenVPN''' press '''"Edit"''' on the OpenVPN client and add routes to other client LAN subnets. In this image, we are editing Client 1's configuration's extra options, to add routes to <b>Client 2's (192.168.20.0/24)</b> and <b>Client 3's (192.168.30.0/24)</b> LAN subnets. |
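Review bot: The changed sentence keeps two grammar slips: "want their LAN subnets be accessible" is missing "to", and "other client's LAN subnets" should be the plural possessive "other clients'". Suggest "on all clients whose LAN subnets should be accessible and that need to access other clients' LAN subnets"; the same wording appears in the Firewall Zones hunk at line 113. In step 1, a comma is also missing before "press".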
Line 131: |
Line 131: |
| =Controlling access with firewall= | | =Controlling access with firewall= |
| | | |
− | Navigate to '''Network -> Firewall -> Access Control''' and create a new deny rule. In this example, we are denying Client 3 from accessing any other clients and their LAN networks | + | Navigate to '''Network -> Firewall -> Access Control''' and create a new deny rule. In this example, we are denying Client 3 from accessing any other clients and their LAN networks. |
| | | |
| [[File:Deny Client3 rule v2.png|none|border|left|class=tlt-border]] | | [[File:Deny Client3 rule v2.png|none|border|left|class=tlt-border]] |
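Review bot: The changed sentence does not say on which router the deny rule is created, unlike the earlier sections, which name the device ("On the OpenVPN server router", "on all clients"). Suggest opening the sentence with the device the rule belongs on, so the reader does not have to infer it from the screenshot.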
Line 149: |
Line 149: |
| | | |
| | | |
− | This rule will deny all traffic from Client 3 to other clients, but will not interact with traffic, if it's destination is OpenVPN server or it's LAN subnet | + | This rule will deny all traffic from Client 3 to other clients, but will not interact with traffic, if it's destination is OpenVPN server or it's LAN subnet. |
| | | |
| | | |
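Review bot: Both uses of "it's" in the changed sentence should be the possessive "its" ("its destination", "its LAN subnet"). While touching the line, "will not interact with traffic, if it's destination is" would read more clearly as "will not affect traffic whose destination is the OpenVPN server or its LAN subnet".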