easy-peasy Access into Whole Network


5A1AN

[ONLY WORKS IF LAN HAS INTERNET ACCESS]

                    []         *         []--LAN/WAN
POWER--[]__________[]

| SWITCH 3= OPENVPN     ][     SWITCH 4= SSH |

MASQUERADE iptables= Add into payloads/switch3 payload.sh "iptables -A POSTROUTING -t nat -j MASQUERADE"
Accept All LAN & VPN config zone "/etc/config/firewall"

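Add the following at the end of "/etc/config/firewall"
# VPN -> LAN (each section needs its own name; UCI merges sections that share one)
config forwarding 'vpn_lan'
    option src 'tun0'
    option dest 'lan'

# LAN -> VPN
config forwarding 'lan_vpn'
    option src 'lan'
    option dest 'tun0'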

############################################
DigitalOcean Marketplace OpenVPN Access Server Droplet
SSH into it & Configure. [Default]
    After Setting up Access Server: passwd openvpn
    root@5a1an:~# sysctl -p
    net.ipv4.ip_forward = 1
    net.ipv6.conf.all.forwarding = 1
    net.ipv4.conf.all.accept_source_route = 1
    net.ipv6.conf.all.accept_source_route = 1

############################################
OPENVPN ACCESS SERVER CONFIGURATION:
VPN Settings>Routing
Should VPN clients have access to private subnets (non-public networks on the server side)? Yes, using NAT
Specify the private subnets to which all clients should be given access (one per line):
192.168.0.0/24
192.168.2.0/24

Should client Internet traffic be routed through the VPN? YES
Should clients be allowed to access network services on the VPN gateway IP address? YES
Advanced VPN Settings> Inter-Client Communication
Should clients be able to communicate with each other on the VPN IP Network? YES
Additional OpenVPN Config Directives (Advanced)
Server Config Directives
push "route 192.168.0.0 255.255.255.0"
route 192.168.0.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
route 192.168.2.0 255.255.255.0

User Management> User Permissions
SQUIRREL config.ovpn configuration
Allow Auto-login
More Settings> Access Control
Select addressing method: Use NAT
Allow Access To these Networks:
192.168.0.0/24
192.168.2.0/24

Allow Access From: ☑ all server-side private subnets
Allow Access From: ☑ all other VPN clients
VPN Gateway> Configure VPN Gateway: Yes
Allow client to act as VPN gateway for these client-side subnets:
192.168.0.0/24
192.168.2.0/24


Archived

This topic is now archived and is closed to further replies.
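
Added example, not part of the original post: a small Python check for the /etc/config/firewall edit described above. It models UCI reopening a section when a later one repeats its type and name (so the later options win) and flags forwardings whose src or dest is not a defined zone name. The sample config and the function names parse_uci and audit_forwardings are constructed for illustration.

```python
import re

# Constructed sample in the style of /etc/config/firewall (not taken from a real device).
SAMPLE = """\
config zone
    option name 'lan'

config forwarding 'vpn'
    option src 'tun0'
    option dest 'lan'

config forwarding 'vpn'
    option src 'lan'
    option dest 'tun0'
"""

SECTION = re.compile(r"^config\s+(\S+)(?:\s+'?([^'\s]+)'?)?\s*$")
OPTION = re.compile(r"^option\s+(\S+)\s+'?([^']*?)'?\s*$")

def parse_uci(text):
    """Return (sections, duplicate_names); a repeated type+name reopens the earlier section."""
    sections, named, dups, current = [], {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            key = m.groups()  # (type, name or None)
            if key[1] and key in named:
                dups.append(key[1])
                current = named[key]  # later options overwrite earlier ones
            else:
                current = {"type": key[0], "name": key[1], "options": {}}
                sections.append(current)
                named[key] = current
            continue
        m = OPTION.match(line)
        if m and current is not None:
            current["options"][m.group(1)] = m.group(2)
    return sections, dups

def audit_forwardings(text):
    """Report merged sections, the forwardings that survive, and undefined zone names."""
    sections, dups = parse_uci(text)
    zones = {s["options"].get("name") for s in sections if s["type"] == "zone"}
    effective = [(s["options"].get("src"), s["options"].get("dest"))
                 for s in sections if s["type"] == "forwarding"]
    undefined = sorted({z for pair in effective for z in pair if z and z not in zones})
    return {"duplicates": dups, "effective": effective, "undefined_zones": undefined}

if __name__ == "__main__":
    print(audit_forwardings(SAMPLE))
```

On the constructed sample only the lan to tun0 forwarding survives, and tun0 is reported as undefined because no zone with that name is declared.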
