Netgate Discussion Forum

    Multiple OpenVPN Servers, restrict LAN Access

    • latency0ms

      Dear Netgate Community

      I have two working OpenVPN servers set up, OVPN1 and OVPN2.

      I use OVPN1 for the administration of the internal servers while OVPN2 is used exclusively as an IPv4 gateway.

      OVPN1 is allowed to have access to all internal networks. With OVPN2 I want a configuration that suppresses access to all internal networks, only using IPv4 gateway functionality.

      OVPN1 > ALLOW ANY (LAN)
      OVPN2 > BLOCK (LAN) ALLOW IPv4 Gateway

      Any advice will be greatly appreciated.

      • viragomann

        @latency0ms
        Best practice is to create an alias and add all private network ranges to it, call it e.g. RFC1918.

        Then add a block rule to the top of the OpenVPN tab:
        source: OVPN2 tunnel network
        destination: RFC1918 alias

        For upstream from OVPN2 you also need an outbound NAT rule on WAN if you didn't add it already.

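The rule order suggested in the reply can be checked before it is relied on. The following is an added example, not part of the thread and not pfSense code: it models first-match evaluation of the OpenVPN tab and audits the intended policy with the block rule above and below a pass-any rule. The tunnel networks, the pass-any rule and all sample addresses are assumptions, since the thread gives none.

```python
from ipaddress import ip_address, ip_network

# Constructed values: the thread gives no addresses, so these are assumptions.
OVPN1_TUNNEL = ip_network("10.8.1.0/24")
OVPN2_TUNNEL = ip_network("10.8.2.0/24")
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = [ip_network("0.0.0.0/0")]

# Rules as (action, source networks, destination networks), top of the tab first.
BLOCK_OVPN2_PRIVATE = ("block", [OVPN2_TUNNEL], RFC1918)
PASS_ANY = ("pass", ANY, ANY)  # assumed existing allow rule on the tab


def evaluate(rules, src, dst):
    """First matching rule wins; no match falls through to the default deny."""
    src, dst = ip_address(src), ip_address(dst)
    for action, sources, dests in rules:
        if any(src in n for n in sources) and any(dst in n for n in dests):
            return action
    return "block"


def audit(rules, flows):
    """Return (src, dst, wanted, got) for every flow that violates the policy."""
    results = [(s, d, want, evaluate(rules, s, d)) for s, d, want in flows]
    return [r for r in results if r[2] != r[3]]


# Intended policy from the thread, expressed as constructed sample flows.
FLOWS = [
    ("10.8.1.10", "192.168.1.20", "pass"),   # OVPN1 admin -> LAN server
    ("10.8.1.10", "172.16.5.5", "pass"),     # OVPN1 admin -> other internal net
    ("10.8.2.10", "192.168.1.20", "block"),  # OVPN2 client -> LAN server
    ("10.8.2.10", "10.8.1.10", "block"),     # OVPN2 client -> OVPN1 client
    ("10.8.2.10", "198.51.100.7", "pass"),   # OVPN2 client -> internet
]

CORRECT = [BLOCK_OVPN2_PRIVATE, PASS_ANY]     # block rule at the top
MISORDERED = [PASS_ANY, BLOCK_OVPN2_PRIVATE]  # block rule never reached

if __name__ == "__main__":
    for name, rules in (("block on top", CORRECT), ("block below pass", MISORDERED)):
        print(name, "->", audit(rules, FLOWS) or "policy met")
```

With these assumed networks the alias also covers the firewall's own tunnel address (10.8.2.1 here), so a DNS resolver handed to OVPN2 clients at a private address on the firewall would need its own pass rule above the block.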