Netgate Discussion Forum

Multiple OpenVPN Servers, restrict LAN Access

    latency0ms
    last edited by Oct 31, 2022, 8:37 AM

    Dear Netgate Community

    I have two working OpenVPN servers set up, OVPN1 and OVPN2.

    I use OVPN1 for the administration of the internal servers while OVPN2 is used exclusively as an IPv4 gateway.

    OVPN1 is allowed to have access to all internal networks. With OVPN2 I want a configuration that suppresses access to all internal networks, only using IPv4 Gateway functionality.

    OVPN1 > ALLOW ANY (LAN)
    OVPN2 > BLOCK (LAN) ALLOW IPv4 Gateway

    Any advice will be greatly appreciated.

      viragomann @latency0ms
      last edited by Oct 31, 2022, 9:35 AM

      @latency0ms
      Best practice is to create an alias and add all private network ranges to it, call it e.g. RFC1918.

      Then add a block rule to the top of the OpenVPN tab:
      source: OVPN2 tunnel network
      destination: RFC1918 alias

      For upstream from OVPN2 you also need an outbound NAT rule on WAN if you didn't add it already.
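
A small first-match model of the rule order described in the answer above, added here as an illustration; it is not part of either post and not pfSense code. The tunnel subnets, the sample addresses and the trailing pass-any rule are assumptions.

```python
import ipaddress

# Contents of the "RFC1918" alias: the three private IPv4 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed tunnel networks (assumptions, not taken from the thread).
OVPN1_TUNNEL = ipaddress.ip_network("10.8.1.0/24")
OVPN2_TUNNEL = ipaddress.ip_network("10.8.2.0/24")
ANY = [ipaddress.ip_network("0.0.0.0/0")]

# Rules on the shared OpenVPN tab, top to bottom: (action, sources, destinations).
# The pass-any rule is assumed; the block rule is the one from the answer.
RULES = [
    ("block", [OVPN2_TUNNEL], RFC1918),
    ("pass", ANY, ANY),
]


def evaluate(src, dst, rules=RULES):
    """Return the action of the first rule matching src/dst (default: block)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, sources, dests in rules:
        if any(s in n for n in sources) and any(d in n for n in dests):
            return action
    return "block"


if __name__ == "__main__":
    cases = [
        ("10.8.2.10", "192.168.1.20"),  # OVPN2 client -> LAN host
        ("10.8.2.10", "1.1.1.1"),       # OVPN2 client -> internet
        ("10.8.1.10", "192.168.1.20"),  # OVPN1 client -> LAN host
        ("10.8.2.10", "10.8.2.1"),      # OVPN2 client -> private tunnel address
    ]
    for src, dst in cases:
        print(f"{src:>10} -> {dst:<13} {evaluate(src, dst)}")
    # Same rules with the block rule below the pass rule: it never matches.
    print("reversed:", evaluate("10.8.2.10", "192.168.1.20", RULES[::-1]))
```

The last case shows that any private address matches the alias, including addresses inside the OVPN2 tunnel network itself, and the reversed run shows why the block rule has to sit at the top of the tab.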
