5A1AN Posted March 30, 2021

[ONLY WORKS IF LAN HAS INTERNET ACCESS]

[] * []--LAN/WAN POWER--[]__________[]
| SWITCH 3= OPENVPN ][ SWITCH 4= SSH |

MASQUERADE iptables = Add into payloads/switch3 payload.sh:

    iptables -A POSTROUTING -t nat -j MASQUERADE

Accept All LAN & VPN config zone "/etc/config/firewall"
Add following on the end of "/etc/config/firewall":

    config forwarding 'vpn'
        option src 'tun0'
        option dest 'lan'

    config forwarding 'vpn'
        option src 'lan'
        option dest 'tun0'

############################################

DigitalOcean Marketplace OpenVPN Access Server Droplet
SSH into it & Configure.
[Default] After Setting up Access Server: passwd openvpn

    root@5a1an:~# sysctl -p
    net.ipv4.ip_forward = 1
    net.ipv6.conf.all.forwarding = 1
    net.ipv4.conf.all.accept_source_route = 1
    net.ipv6.conf.all.accept_source_route = 1

############################################

OPENVPN ACCESS SERVER CONFIGURATION:

VPN Settings> Routing
Should VPN clients have access to private subnets (non-public networks on the server side)? Yes, using NAT
Specify the private subnets to which all clients should be given access (one per line):
    192.168.0.0/24
    192.168.2.0/24
Should client Internet traffic be routed through the VPN? YES
Should clients be allowed to access network services on the VPN gateway IP address? YES

Advanced VPN Settings> Inter-Client Communication
Should clients be able to communicate with each other on the VPN IP Network? YES

Additional OpenVPN Config Directives (Advanced)
Server Config Directives

    push "route 192.168.0.0 255.255.255.0"
    route 192.168.0.0 255.255.255.0
    push "route 192.168.2.0 255.255.255.0"
    route 192.168.2.0 255.255.255.0

User Management> User Permissions
SQUIRREL config.ovpn configuration
Allow Auto-login ☑

More Settings> Access Control
Select addressing method: Use NAT
Allow Access To these Networks:
    192.168.0.0/24
    192.168.2.0/24
Allow Access From: ☑ all server-side private subnets
Allow Access From: ☑ all other VPN clients

VPN Gateway> Configure VPN Gateway: Yes
Allow client to act as VPN gateway for these client-side subnets:
    192.168.0.0/24
    192.168.2.0/24
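The server config directives in the post above are the netmask form of the same subnets entered as CIDR in the Access Server routing and access control screens. The following is an added example, not part of the original post: a POSIX shell sketch that generates those directive pairs from CIDR input and rejects malformed subnets or ones with host bits set. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): convert CIDR subnets into the
# 'push "route ..."' / 'route ...' pairs used as server config directives.

# Accept a plain decimal of 1-3 digits with no leading zero (avoids octal parsing).
is_dec() { case $1 in ''|*[!0-9]*|0?*|????*) return 1 ;; esac; }

# Print a 32-bit integer as a dotted quad.
dotted() {
    printf '%d.%d.%d.%d' $(( $1 >> 24 & 255 )) $(( $1 >> 16 & 255 )) \
        $(( $1 >> 8 & 255 )) $(( $1 & 255 ))
}

# cidr_to_route CIDR -> prints "NETWORK NETMASK"; returns 1 on malformed input
# or when host bits are set (e.g. 192.168.0.1/24), which would yield a bad route.
cidr_to_route() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*} prefix=${1#*/}
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    is_dec "$prefix" && [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    ip=0
    for octet in "$@"; do
        is_dec "$octet" && [ "$octet" -le 255 ] || return 1
        ip=$(( ip * 256 + octet ))
    done
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    [ $(( ip & (mask ^ 0xFFFFFFFF) )) -eq 0 ] || return 1
    printf '%s %s\n' "$(dotted "$ip")" "$(dotted "$mask")"
}

# Emit both directives for every valid subnet; report and skip invalid ones.
ovpn_route_directives() {
    rc=0
    for cidr in "$@"; do
        if route=$(cidr_to_route "$cidr"); then
            printf 'push "route %s"\nroute %s\n' "$route" "$route"
        else
            printf 'skipped invalid subnet: %s\n' "$cidr" >&2
            rc=1
        fi
    done
    return "$rc"
}

# The two subnets from the post above.
ovpn_route_directives 192.168.0.0/24 192.168.2.0/24
```
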
chrizree Posted March 30, 2021

There are different ways to accomplish this, I didn't do all the steps as per above, but if it gets the job done, it's all good.