HowTo OpenVPN for one VLAN [SOLVED]
-
Hi. This was originally gonna be a post asking for help on making this work but I solved it in the process so now I'm posting it as a [crappy] guide in case it might help someone.
I wanted to set up an OpenVPN connection and use that only with a specific VLAN.
My last missing piece was the outbound NAT at the very bottom of this post.
In the OpenVPN settings I've had to check "Don't pull routes" and also make sure under status - OpenVPN it says Connected (Success).
Next I have 2 interfaces of interest:
I only have one rule set up for the VLAN:
There are no rules set up for the VPN interface (OPT8_VPN / ovpnc1) or for the OpenVPN thing (something that shows up under rules but it's not an interface) - just the VLAN.
Note that for the VLAN I had to go to advanced settings and pick a specific gateway, I think I had created that as well or it may have been automatically created. The gateway settings look like this:
Not sure if the DHCP settings matter for the VLAN, but here they are, and the PC I'm using for testing gets IP 192.168.18.100 as expected:
With NAT outbound rules, I really don't know what I'm doing but here is what ended up working:
Anyway, now I can plug any PC into a specific port on my switch to have it go through the VPN and I can always assign more ports like that as needed and I'm pretty excited about that :) The rest of my network works the same as before, using my ISP / actual IP.
-
If you use a firewall rule like that to send all traffic from that subnet over the VPN you should be sure to set a remote DNS server in the DHCP server settings. Otherwise it will send the local interface address to clients to use and that will fail since it will be forced over the VPN.
I would also set the OPT9_VLAN18_VPN subnet as the source for that rule so it cannot overmatch should traffic from other subnets end up there. That should never happen but it's best practice to pass only what is required.
Steve
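The setup described in the first post (policy route on the VLAN, outbound NAT on the tunnel) together with Steve's advice to restrict the rule's source, written out as a raw pf.conf fragment. This is an added illustration, not the thread's screenshots or the ruleset pfSense generates; the interface names, the gateway address and the WAN interface are assumptions, and the tag-based kill switch at the end goes beyond what the thread configures.

```pf
# Names taken from the thread: VLAN subnet 192.168.18.0/24, OpenVPN client interface ovpnc1.
# Interface and gateway values below are assumptions/placeholders, not the poster's actual config.
vlan_if  = "vlan18"          # assumed: the OPT9_VLAN18_VPN interface
vlan_net = "192.168.18.0/24"
vpn_if   = "ovpnc1"          # the OPT8_VPN interface from the thread
vpn_gw   = "10.8.0.1"        # placeholder: the OpenVPN gateway address shown under System > Routing
wan_if   = "em0"             # assumed WAN interface

# Outbound NAT on the tunnel: the VLAN's private addresses leave with the tunnel's own address,
# otherwise the far end cannot route replies back (the "last missing piece" in the first post).
nat on $vpn_if inet from $vlan_net to any -> ($vpn_if)

# Over-broad version of the VLAN rule (source "any"): policy-routes whatever arrives on the
# interface, including misrouted or spoofed traffic from other subnets. Kept only for comparison.
# pass in quick on $vlan_if route-to ($vpn_if $vpn_gw) inet from any to any keep state

# Corrected rule: only the VLAN's own subnet is forced through the tunnel. The tag lets the
# kill switch below recognise this traffic even after NAT has rewritten its source address.
pass in quick on $vlan_if route-to ($vpn_if $vpn_gw) inet from $vlan_net to any \
    keep state tag VPN_ONLY

# Kill switch (addition beyond the thread): traffic that entered on the VLAN must never leave via
# WAN, e.g. while the tunnel is down and the policy route is not applied. Matching on the tag is
# needed because outbound filter rules see the NAT-translated source, not 192.168.18.x.
block out quick on $wan_if tagged VPN_ONLY
```

DNS is not covered by these rules: as Steve notes, the DHCP server for the VLAN should hand out a resolver reachable through the tunnel rather than the firewall's local interface address.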
-
@stephenw10 Thanks a bunch for the tips! I fixed it.