OpenVPN setup scenario

Hello, I am running an OpenVPN server on my OpenWrt router and want to achieve the following scenario:

  1. Clients can connect to the OpenVPN server, access LAN devices, and also route all traffic via the router with the OpenVPN server. -> This seems to be the default OpenVPN setup based on the guide from the OpenWrt page.

  2. Some VPN clients will be able to access only one specific IP in the LAN and will not be able to route all traffic via the router. Can I set this up inside the client.ovpn file or do I need a specific iptables rule on the router?

  3. From the LAN subnet on the OpenWrt router (where the OpenVPN server is running) I will be able to access LAN devices on the OpenVPN client side. Is that the scenario described in section 8. Site-to-Site on https://openwrt.org/docs/guide-user/services/vpn/openvpn/extra#client_fixes ?

  4. Scenario 3) + the OpenVPN client will be able to access only a specific IP/port on the router's LAN (i.e. FTP, etc.). Will the latter be set up with iptables rules?

Thank you!

Yep.

https://openwrt.org/docs/guide-user/services/vpn/openvpn/extras#disable_gateway_redirection

Yep.

I suggest using the native firewall service:
https://openwrt.org/docs/guide-user/firewall/firewall_configuration
You should create a separate firewall zone with appropriate zone policies, assign the VPN network to it, and add traffic forwardings or custom firewall rules.
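
The separate-zone approach suggested above, sketched as an `/etc/config/firewall` fragment. This is an added example, not part of the reply or of the OpenWrt guides. The zone name, the `tun0` device name, the LAN host `192.168.1.10` and port 21 are assumed, constructed values.

```uci
# /etc/config/firewall (fragment, added example)
# Assumed values: OpenVPN device tun0, LAN host 192.168.1.10, FTP control port 21.

# Dedicated zone for the VPN interface. With input and forward set to REJECT,
# traffic arriving from the tunnel reaches neither the router's own services
# nor any other zone unless a rule or forwarding below allows it.
config zone
	option name 'vpn_restricted'
	list device 'tun0'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Scenario 3: hosts in the router's LAN may open connections to the VPN side.
# Replies to those connections are allowed back by connection tracking.
config forwarding
	option src 'lan'
	option dest 'vpn_restricted'

# Scenario 4: the VPN side may reach exactly one LAN host on one TCP port.
config rule
	option name 'Allow-VPN-To-FTP-Host'
	option src 'vpn_restricted'
	option dest 'lan'
	option dest_ip '192.168.1.10'
	option proto 'tcp'
	option dest_port '21'
	option target 'ACCEPT'

# Deliberately absent: a forwarding from vpn_restricted to lan or to wan.
# Without one, VPN clients cannot reach the rest of the LAN or route
# their traffic out through the router.
```

Because the restriction is enforced on the router, it holds regardless of what routes a client puts in its own client.ovpn file.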
