
Setting up this OpenVPN network

riahc3

I want to set up this complex OpenVPN network with subnets. I am NOT using pfSense with this.

(All public WAN IPs are made up)
nBbYp7m.png



As you can see, I have one tunnel (10.10.10.x) with several subnets (172.16.x.y). I should be able to access all the subnets BUT they should not be able to access each other. The NIC 1 on each of those should not matter (we also know that NO network has 172.16.x.y internally as their LAN).

Everything in blue (plus the other two routers, just didn't put a blue circle so the drawing won't get crowded) has an OpenVPN client on it and is connected to the server.

The connection to and from the clients to the server is OK and working. Now I need to know how I can set up ccds to split the network and route my clients to use the VPN to reach those 172.16.x.y networks.

I'm using Webmin to do all of this.

How can I do it?

Thank you
 
Why do people do this stuff to themselves?

GRE tunnels (easiest) or even IPSec on a real firewall would take literally minutes to set this up start to finish.
 
I have no idea what software that is, but I believe if you want those NICs from communicating to each other they should all be placed in a subnet.

Or just use class a,b, and c on the NICs?

Untangle is a server firewall and may be of use here.

How can I restrict access to certain OpenVPN users?

By default, openvpn users can connect to any machine that the Untangle can connect to. However, routes are pushed to all the "Exported" network automatically. Beware, nothing prevents adding remote users that have administrator access to their machines to add routes manually.
If restricting access to OpenVPN users is a concern, Firewall rules or Forward Filter Rules can be used. In the Firewall, the easiest way is to create a block rule blocking traffic when Source Interface == OpenVPN. Above that rule create rules to allow traffic when Username is the openvpn user you want to allow to the desired locations. In this scenario openvpn traffic will be blocked into your network except for explicitly allowed traffic.
Using rules you can limit access to certain resources to only the desired remote users.



http://wiki.untangle.com/index.php/OpenVPN_FAQs
 
Why do people do this stuff to themselves?

GRE tunnels (easiest) or even IPSec on a real firewall would take literally minutes to set this up start to finish.
Well, since you bring it up (and it is possible to change things), let's try your route 🙂 How would YOU set it up using GRE tunnels and/or IPSec?

I want this to be as easy as possible but also secure (not NSA level, but something that can't be easily sniffed).

Also the client should be anything: Windows, OSX, Linux, Android, iOS, etc. AFAIK, there are OpenVPN clients for all of these.

I have no idea what software that is
Which?

I believe if you want those NICs from communicating to each other they should all be placed in a subnet.
Each of those devices I've placed should NOT be able to communicate with each other. I should be able to communicate with all of them.
 
Webmin.

Okay, so I just read the web site for Webmin. So you installed your server with it or just configured the server with Webmin?
Installed the OpenVPN server with it too. Said it wasn't installed so I just went ahead and clicked on the link.
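
Added example, not part of the thread and not any poster's configuration: a sketch of the ccd split asked about in the first post, combined with the "block rule last, allow rules above it" ordering from the Untangle FAQ quote, applied on the OpenVPN server itself. The CNs, the three 172.16.x.0/24 LANs, the admin client and its address, the `tun0` interface name and `topology subnet` are all assumptions.

```shell
#!/bin/sh
# Constructed sample data (the thread gives only 172.16.x.y and 10.10.10.x):
# certificate CN of each site router and the LAN behind it.
SITES="site-a 172.16.1.0
site-b 172.16.2.0
site-c 172.16.3.0"
MASK=255.255.255.0
ADMIN_CN=admin         # hypothetical CN of the one client allowed to reach every site
ADMIN_IP=10.10.10.250  # assumed pinned address; keep it clear of dynamically assigned ones

# Lines to add to server.conf. client-to-client is deliberately absent, so
# traffic between clients has to cross the server's FORWARD chain.
server_conf() {
    echo "topology subnet"
    echo "client-config-dir ccd"
    echo "$SITES" | while read -r cn net; do echo "route $net $MASK"; done
}

# ccd/<CN> for a site: iroute tells OpenVPN which client owns that LAN.
# ccd/<admin CN>: pin the tunnel address and push a route for every site LAN.
ccd_for() {
    if [ "$1" = "$ADMIN_CN" ]; then
        echo "ifconfig-push $ADMIN_IP $MASK"
        echo "$SITES" | while read -r cn net; do echo "push \"route $net $MASK\""; done
    else
        echo "$SITES" | while read -r cn net; do
            if [ "$cn" = "$1" ]; then echo "iroute $net $MASK"; fi
        done
    fi
}

# Server firewall (needs net.ipv4.ip_forward=1; tun0 is an assumed interface
# name): allow rules first, block rule last.
fw_rules() {
    echo "iptables -A FORWARD -i tun0 -o tun0 -s $ADMIN_IP -d 172.16.0.0/16 -j ACCEPT"
    echo "iptables -A FORWARD -i tun0 -o tun0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i tun0 -o tun0 -j DROP"
}

# Write everything under a directory for review before copying into place.
generate() {
    mkdir -p "$1/ccd"
    server_conf > "$1/server.conf.additions"
    fw_rules > "$1/firewall.sh"
    for name in "$ADMIN_CN" $(echo "$SITES" | cut -d' ' -f1); do
        ccd_for "$name" > "$1/ccd/$name"
    done
}

if [ -n "${1:-}" ]; then generate "$1"; fi
```

Run it with an output directory as its only argument. A client whose CN has no ccd file gets no `iroute` and no pushed site routes, and the final DROP rule keeps it from reaching any 172.16.x.y LAN through the tunnel.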
 