Netgate Discussion Forum

    OpenVPN

    • A Former User

      I would like to route several subnets across my OpenVPN tunnel while maintaining their isolation. Is this possible?

      Here is what I have.

      Server:
      10.1.10.0/24 (should only be accessed by 10.2.10.0/24 on client side)
      10.1.20.0/24 (should only be accessed by 10.2.20.0/24 on client side)

      Client:
      10.2.10.0/24 (should only be accessed by 10.1.10.0/24 on server side)
      10.2.20.0/24 (should only be accessed by 10.1.20.0/24 on server side)

      Thank you.

      • Derelict (Netgate)

        Sure. Governed by the rules on the respective OpenVPN tabs.

        They dictate what connections are allowed from the other side of an OpenVPN connection.

        So, on the server:
        pass any source 10.2.10.0/24 dest 10.1.10.0/24
        pass any source 10.2.20.0/24 dest 10.1.20.0/24

        On the client:
        pass any source 10.1.10.0/24 dest 10.2.10.0/24
        pass any source 10.1.20.0/24 dest 10.2.20.0/24

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • A Former User

          Would this be considered policy-based routing (via firewall rules), as opposed to static routing via the routes defined in the server and client instances? I am taking these terms from the Netgate hangouts Advanced OpenVPN slides/video. I just want to ensure that I understand the terminology correctly.

          Using the OpenVPN tab to control the routes, would I need to define anything under the local or remote networks, or just leave those blank? Should I be selecting "force all client generated traffic through this tunnel"? When would I use that option?

          Thanks

          • Derelict (Netgate)

            No.

            You are asking about limiting access based on routes that already exist. That is accomplished with firewall rules passing the desired traffic.

            How to route the traffic in the first place is a different question.


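As an added illustration (not part of the original thread or of pfSense itself), the following Python models what the two replies above describe: traffic arriving over the tunnel is first subject to routing (the destination has to be a network the tunnel actually reaches, i.e. one listed in the instance's local/remote networks), and only then to the rules on the OpenVPN tab, which pfSense evaluates first-match-wins with an implicit default deny for anything no rule passes. The four pass rules are Derelict's; the host addresses, the helper names and the "pass any to any" rule used as a counterexample are constructed for the example. The counterexample is the caveat a practitioner wants: a single permissive rule on the OpenVPN tab (such as the allow-all rule the pfSense OpenVPN wizard offers to create) sits above the specific rules and defeats the isolation entirely.

```python
"""Model of per-subnet isolation across an OpenVPN tunnel on pfSense.

Added example; assumes the networks from the thread. Two stages are
applied to a packet that arrives from the far side of the tunnel:
  1. routing: the destination must be a network this side actually
     routes to itself (otherwise the packet is never delivered here);
  2. filtering: the OpenVPN-tab rules are evaluated first match wins,
     and anything unmatched falls to the implicit default deny.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str          # "pass" or "block"
    src: IPv4Network     # "any" is written as 0.0.0.0/0
    dst: IPv4Network


def rule(action: str, src: str, dst: str) -> Rule:
    return Rule(action, ip_network(src), ip_network(dst))


# Rules from the reply, as they would sit on the server's OpenVPN tab.
SERVER_OPENVPN_RULES = [
    rule("pass", "10.2.10.0/24", "10.1.10.0/24"),
    rule("pass", "10.2.20.0/24", "10.1.20.0/24"),
]
# Mirror image on the client's OpenVPN tab.
CLIENT_OPENVPN_RULES = [
    rule("pass", "10.1.10.0/24", "10.2.10.0/24"),
    rule("pass", "10.1.20.0/24", "10.2.20.0/24"),
]
# Constructed counterexample: a wizard-style "pass any to any" rule.
ALLOW_ALL = rule("pass", "0.0.0.0/0", "0.0.0.0/0")

# Networks each side has behind it and therefore routes to itself.
SERVER_LOCAL_NETS = [ip_network("10.1.10.0/24"), ip_network("10.1.20.0/24")]
CLIENT_LOCAL_NETS = [ip_network("10.2.10.0/24"), ip_network("10.2.20.0/24")]


def first_match(rules, src: str, dst: str) -> str:
    """pf-style evaluation as pfSense performs it: the first rule whose
    source and destination both match decides; no match means block."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst:
            return r.action
    return "block"  # implicit default deny


def allowed_over_tunnel(local_nets, rules, src: str, dst: str) -> bool:
    """Packet from the far side is delivered only if the destination is
    routed to this side AND the OpenVPN-tab rules pass it."""
    d = ip_address(dst)
    if not any(d in n for n in local_nets):
        return False  # not routed here; the filter never decides on it
    return first_match(rules, src, dst) == "pass"


def isolation_matrix(local_nets, rules, src_nets, dst_nets) -> dict:
    """{(src_net, dst_net): allowed}, probing the first host of each net."""
    out = {}
    for s in src_nets:
        for d in dst_nets:
            s_host = str(next(ip_network(s).hosts()))
            d_host = str(next(ip_network(d).hosts()))
            out[(s, d)] = allowed_over_tunnel(local_nets, rules, s_host, d_host)
    return out


if __name__ == "__main__":
    client_nets = ["10.2.10.0/24", "10.2.20.0/24"]
    server_nets = ["10.1.10.0/24", "10.1.20.0/24"]
    print("server side, specific rules only:")
    for k, v in isolation_matrix(SERVER_LOCAL_NETS, SERVER_OPENVPN_RULES,
                                 client_nets, server_nets).items():
        print(f"  {k[0]} -> {k[1]}: {'pass' if v else 'block'}")
    print("server side, with an allow-all rule on top:")
    for k, v in isolation_matrix(SERVER_LOCAL_NETS,
                                 [ALLOW_ALL] + SERVER_OPENVPN_RULES,
                                 client_nets, server_nets).items():
        print(f"  {k[0]} -> {k[1]}: {'pass' if v else 'block'}")
```

Running it prints the 2x2 matrix for the server side: only the two diagonal pairs pass with the specific rules, and all four pairs pass once an allow-all rule precedes them, which is exactly the configuration to look for when isolation is not behaving as expected.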
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.