[SOLVED] Disable access to OpenVPN via WiFi

Hi!

There is a TP-Link Archer C60 v2 router with OpenWRT 18.06.1 installed.
With standard configuration:
LAN - 192.168.44.100
WAN - Some external IP
WiFi (2.4GHz)
WiFi (5GHz)
vpn0 (OpenVPN client as tun adapter) 10.8.6.30

LAN clients have access to the VPN network.

Is there any way to disable access to the VPN network from WiFi connections,
but leave access to the VPN from LAN (wired)?

ifconfig output

/etc/config/network

/etc/config/firewall

The easiest way I can think of is to disable the bridge of lan and wifi.
Then you can block everything coming from wifi to the VPN.


I agree with @trendy.

To elaborate, I think you'd want to set up a different network (i.e. an entirely different subnet... for example 192.168.45.0/24) to which the wifi is attached. From there, you'll want a new firewall zone (i.e. wifi_firewall) which would be configured to not allow forwarding to/from the VPN (but presumably still allow forwarding to the WAN; maybe allow forwarding between your LAN and Wifi networks).

Keep in mind that this may introduce some other issues such as media sharing/casting between the networks when the transport relies on mDNS among other things. These are addressable, but something to keep in mind.

Alternatively, depending on the device(s) you want to be able to access the VPN network, you might be able to whitelist certain clients with firewall rules. But if you want a clean wired=VPN access, wireless=No VPN, using 2 distinct networks is probably the easiest.
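
The split described in the replies above, written out as an added example (not posted by anyone in the thread): a shell function that emits the `uci batch` commands for a separate wifi network and zone, and a check that reads `uci show firewall` output and reports whether a forwarding exists between two zones. The interface and zone name `wifi`, the router address 192.168.45.1, the DHCP values, the use of `@wifi-iface[0]` and `[1]` for the two APs, and the VPN zone name `vpn` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: interface/zone "wifi",
# router address 192.168.45.1/24, APs are @wifi-iface[0] (2.4GHz) and [1] (5GHz).

# Print `uci batch` commands that move both APs off the LAN bridge into their own zone.
wifi_isolation_batch() {
    cat <<'EOF'
set network.wifi=interface
set network.wifi.type='bridge'
set network.wifi.proto='static'
set network.wifi.ipaddr='192.168.45.1'
set network.wifi.netmask='255.255.255.0'
set wireless.@wifi-iface[0].network='wifi'
set wireless.@wifi-iface[1].network='wifi'
set dhcp.wifi=dhcp
set dhcp.wifi.interface='wifi'
set dhcp.wifi.start='100'
set dhcp.wifi.limit='150'
set dhcp.wifi.leasetime='12h'
set firewall.wifi_zone=zone
set firewall.wifi_zone.name='wifi'
set firewall.wifi_zone.network='wifi'
set firewall.wifi_zone.input='ACCEPT'
set firewall.wifi_zone.output='ACCEPT'
set firewall.wifi_zone.forward='REJECT'
set firewall.wifi_wan=forwarding
set firewall.wifi_wan.src='wifi'
set firewall.wifi_wan.dest='wan'
EOF
}

# Read `uci show firewall` output on stdin; succeed if a forwarding SRC -> DEST exists.
has_forwarding() {
    awk -F= -v s="'$1'" -v d="'$2'" '
        /=forwarding$/ { fwd[$1] = 1 }
        /\.src=/  { k = $1; sub(/\.src$/, "", k);  src[k] = $2 }
        /\.dest=/ { k = $1; sub(/\.dest$/, "", k); dst[k] = $2 }
        END { for (k in fwd) if (src[k] == s && dst[k] == d) exit 0; exit 1 }'
}

# On the router ("vpn" is a placeholder; use the zone name from /etc/config/firewall):
#   wifi_isolation_batch | uci batch && uci commit
#   /etc/init.d/network restart; /etc/init.d/firewall restart
#   uci show firewall | has_forwarding wifi vpn && echo "wifi can still reach the VPN"
```

Only a wifi-to-wan forwarding is created, so traffic from the wifi zone to the VPN zone falls through to that zone's `forward='REJECT'` policy, while the existing LAN-to-VPN forwarding is left alone.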
