I hope you can help me find a solution to my problem.
Specifically, I have the following problem. I would like to use OpenWRT to set up a VPN server connected to the Internet, to which clients located at different locations can connect (I understand this is quite easy to achieve).
At the same time, each VPN client, equipped with OpenWRT as well, should forward to/from the VPN server the traffic generated by its respective LAN, which can be composed of heterogeneous devices, not running OpenWRT and not under my control.
However, I would like to do the following:
- Maintain an updated directory at the same location as the VPN server, containing the list of all the LAN devices active in the network (for instance, with traffic generated in the last X minutes).
- Allow a LAN device to transmit/receive packets to/from the VPN if it is listed in the previously mentioned directory.
- Deny all the traffic generated by LAN devices that are not listed in the directory.
- Update the directory when a new LAN device is authorized to generate traffic.
I can imagine that Access Control Lists (ACLs) can be one of the tools to be used, but still, I do not know which tool to use for the maintenance of the directory. Maybe an option could be to use something like a discovery protocol, but which one? Is there a solution of this type already available within any OpenWRT project, or do I have to create a protocol on my own to do so?
Thank you in advance to anyone for any suggestion!