
easy-peasy Access into Whole Network



[ONLY WORKS IF LAN HAS INTERNET ACCESS]

                    []         *         []--LAN/WAN
POWER--[]__________[]

| SWITCH 3= OPENVPN     ][     SWITCH 4= SSH |

MASQUERADE iptables= Add into payloads/switch3 payload.sh "iptables -A POSTROUTING -t nat -j MASQUERADE"
Accept All LAN & VPN config zone "/etc/config/firewall"

Add the following at the end of "/etc/config/firewall"
config forwarding 'vpn'
    option src 'tun0'
    option dest 'lan'

config forwarding 'vpn'
    option src 'lan'
    option dest 'tun0'

############################################
DigitalOcean Marketplace OpenVPN Access Server Droplet
SSH into it & Configure. [Default]
    After Setting up Access Server: passwd openvpn
    root@5a1an:~# sysctl -p
    net.ipv4.ip_forward = 1
    net.ipv6.conf.all.forwarding = 1
    net.ipv4.conf.all.accept_source_route = 1
    net.ipv6.conf.all.accept_source_route = 1

############################################
OPENVPN ACCESS SERVER CONFIGURATION:
VPN Settings>Routing
Should VPN clients have access to private subnets (non-public networks on the server side)? Yes, using NAT
Specify the private subnets to which all clients should be given access (one per line):
192.168.0.0/24
192.168.2.0/24

Should client Internet traffic be routed through the VPN? YES
Should clients be allowed to access network services on the VPN gateway IP address? YES
Advanced VPN Settings> Inter-Client Communication
Should clients be able to communicate with each other on the VPN IP Network? YES
Additional OpenVPN Config Directives (Advanced)
Server Config Directives
push "route 192.168.0.0 255.255.255.0"
route 192.168.0.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
route 192.168.2.0 255.255.255.0

User Management> User Permissions
SQUIRREL config.ovpn configuration
Allow Auto-login
More Settings> Access Control
Select addressing method: Use NAT
Allow Access To these Networks:
192.168.0.0/24
192.168.2.0/24

Allow Access From: ☑ all server-side private subnets
Allow Access From: ☑ all other VPN clients
VPN Gateway> Configure VPN Gateway: Yes
Allow client to act as VPN gateway for these client-side subnets:
192.168.0.0/24
192.168.2.0/24

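When auditing an OpenWrt-based router or triaging a recovered inline device, the forwarding sections quoted in the post above are what ties a tunnel to the LAN, and a short parser can flag them. This is an added example, not code from the original post or from the device vendor; the function names, the tunnel-name prefixes and the sample text layout are assumptions made for illustration.

```python
import re
import shlex
from collections import Counter

# Constructed sample: the two forwarding sections quoted in the post above.
SAMPLE_FIREWALL = """\
config forwarding 'vpn'
    option src 'tun0'
    option dest 'lan'

config forwarding 'vpn'
    option src 'lan'
    option dest 'tun0'
"""

# Assumption: tunnel-backed zones or interfaces follow these naming prefixes.
TUNNEL = re.compile(r"^(tun|tap|wg|vpn)", re.IGNORECASE)

def parse_uci(text):
    """Parse UCI text into a list of {'type', 'name', 'opts'} sections."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)  # handles quotes and '#' comments
        if len(tok) >= 2 and tok[0] == "config":
            name = tok[2] if len(tok) > 2 else None
            sections.append({"type": tok[1], "name": name, "opts": {}})
        elif len(tok) >= 3 and tok[0] == "option" and sections:
            sections[-1]["opts"][tok[1]] = tok[2]
    return sections

def audit_firewall(text):
    """Return findings for tunnel<->zone forwardings and reused section names."""
    sections = parse_uci(text)
    findings, pairs = [], set()
    for s in [x for x in sections if x["type"] == "forwarding"]:
        src, dest = s["opts"].get("src", ""), s["opts"].get("dest", "")
        if TUNNEL.match(src) or TUNNEL.match(dest):
            findings.append(f"forwarding {src} -> {dest} involves a tunnel")
            pairs.add((src, dest))
    for src, dest in sorted(pairs):
        if src < dest and (dest, src) in pairs:
            findings.append(f"two-way path between {src} and {dest}")
    # UCI addresses named sections by name, so a reused name needs manual review.
    names = Counter((s["type"], s["name"]) for s in sections if s["name"])
    for (typ, name), count in sorted(names.items()):
        if count > 1:
            findings.append(f"{typ} section name '{name}' appears {count} times")
    return findings
```

Calling `audit_firewall()` on the contents of a device's `/etc/config/firewall` returns a list of findings; an empty list means no forwarding touches a tunnel-named zone.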

There are different ways to accomplish this. I didn't do all the steps as per above, but if it gets the job done, it's all good.
