How To Setup a Multi-Client/Client-To-Client Server

minternauta
OpenVpn Newbie
Posts: 5
Joined: Tue Jun 06, 2017 2:58 pm

Postby minternauta » Tue Jun 06, 2017 3:16 pm

Hey, guys. I'm a "newbie" in OpenVPN tech, so I need a lot of help! I need to configure an OpenVPN server that can receive connections from multiple clients and allow these clients to communicate with each other with the following rules, as in the image below:

Image

  1. Client 1 and Server 2 can only see each other
  2. Client 3 and Server 4 can only see each other

I have already been able to configure two clients with two different certificate/key pairs. But now I don't know how to create the routes so that clients see each other and block the other clients.

TinCanTech
OpenVPN Protagonist
Posts: 2721
Joined: Fri Jun 03, 2016 1:17 pm

Re: How To Setup a Multi-Client/Client-To-Client Server

Postby TinCanTech » Tue Jun 06, 2017 3:50 pm

minternauta wrote: I have already been able to configure two clients with two different certificate/keys pair
Customise which servers you push to your clients using --client-config-dir.

See --client-config-dir in The Manual v24x

TiTex
OpenVPN Expert
Posts: 209
Joined: Tue Apr 12, 2011 6:22 am

Re: How To Setup a Multi-Client/Client-To-Client Server

Postby TiTex » Tue Jun 06, 2017 3:55 pm

I'm not sure if I understood this correctly:
client1, client2, server1, server2 are all connected to the same VPN server as VPN clients, and you want client1 and client2 to be unable to reach server1 or server2 through the VPN?

It's not that hard, but you'll have to implement some type of firewall on your VPN server, or possibly you could do that even on server1 & server2 if you don't do NAT on your VPN.

Your VPN server should be configured for ease of use with something like

Code:

topology subnet
server 10.10.10.0 255.255.255.0

You can use a higher netmask if you want.

Then divide this network into two separate subnets:

Code:

10.10.10.0 255.255.255.0  (10.10.10.0/24)  => 10.10.10.0-10.10.10.127 255.255.255.128     (10.10.10.0/25)
                                           => 10.10.10.128-10.10.10.255 255.255.255.128   (10.10.10.128/25)

Then set up --client-config-dir (see the manual on how to do that) and assign the clients IP addresses from one range and the servers from another (excluding 10.10.10.0, 10.10.10.127, 10.10.10.128, 10.10.10.255), then set up firewall rules between the two ranges on your VPN server.
You can create smaller subnets, or even do individual IP address firewalling rules. Take this as just a summary of how you could do this; I'm not sure if I'm 100% accurate.

minternauta
OpenVpn Newbie
Posts: 5
Joined: Tue Jun 06, 2017 2:58 pm

Re: How To Setup a Multi-Client/Client-To-Client Server

Postby minternauta » Tue Jun 06, 2017 4:18 pm

Hey, TiTex. You are close. I want client 1 to reach server 1 only and client 2 to reach server 2 only. So:
Client 1 => Server 1
Client 2 => Server 2

So, I also configured the server with topology subnet. So you're telling me to use client-config-dir to set fixed IPs for VPN clients and configure individual routes for each client. Okay. Give me some help.

Do I establish these routes through Linux iptables or ...?
What would be the route configuration?

minternauta
OpenVpn Newbie
Posts: 5
Joined: Tue Jun 06, 2017 2:58 pm

Re: How To Setup a Multi-Client/Client-To-Client Server

Postby minternauta » Tue Jun 06, 2017 5:12 pm

Just to update, I came up with these server configs:
Server Config
# OpenVPN HVPN Server Configuration
# Marcelo Junior (2017)
mode server
tls-server
port 1194
proto tcp-server
dev tun

# SSL Configs

ca /openvpn/ca/keys/ca.crt
cert /openvpn/ca/keys/HospedagemVPNServer.crt
key /openvpn/ca/keys/HospedagemVPNServer.key # This file should be kept secret
dh /openvpn/ca/keys/dh4096.pem
tls-auth /openvpn/ca/keys/ta.key 0 # This file is secret
key-direction 0
cipher AES-128-CBC # AES
auth SHA256

# Network Configs

topology subnet
push "topology subnet"
ifconfig 10.1.0.1 255.255.255.0
push "route-gateway 10.1.0.1"
ifconfig-pool 10.1.0.2 10.1.0.250 255.255.255.0

# Client Configs

client-config-dir /openvpn/clients/configs

# Others

keepalive 10 120

comp-lzo

user nobody
group nogroup

persist-key
persist-tun

status openvpn-status.log
log /var/log/openvpn.log
;log-append openvpn.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 7

# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20


Client 1 Config
# Setup the Fixed Address for the Client
ifconfig-push 10.1.0.4 255.255.255.0


Server 1 Config
# Setup the Fixed Address for the Client
ifconfig-push 10.1.0.5 255.255.255.0


It worked: Client 1 has the 10.1.0.4 IP and Client 2 has the 10.1.0.5 IP. Now how do I set up the routes? With that config, Client 1 can't ping Server 1; the clients only see the VPN server.
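
One way to express the per-pair firewall TiTex describes, applied to the fixed addresses from the last post (added example, not written by any poster in this thread): it reads each peer's `ifconfig-push` address from the client-config-dir files and prints iptables FORWARD rules that accept traffic only between listed pairs. Assumptions: the CCD file names `client1`, `server1`, `client2`, `server2`, the interface `tun0`, the chain name `VPN_PAIRS`, and the constructed addresses 10.1.0.6 and 10.1.0.7.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that allow only listed
# VPN peer pairs to talk to each other through the server's tun device.
# Needs net.ipv4.ip_forward=1 and NO "client-to-client" in the server config:
# that directive forwards inside OpenVPN, where netfilter never sees it.

# ccd_ip DIR NAME: print the address on NAME's "ifconfig-push" line, if any.
ccd_ip() {
    if [ -r "$1/$2" ]; then
        awk '$1 == "ifconfig-push" { print $2; exit }' "$1/$2"
    fi
}

# pair_rules DIR DEV: read "nameA nameB" pairs on stdin, print the rules.
# VPN_PAIRS is an assumed chain name; unlisted peer-to-peer traffic is dropped.
pair_rules() {
    dir=$1 dev=$2
    echo "iptables -N VPN_PAIRS"
    echo "iptables -A FORWARD -i $dev -o $dev -j VPN_PAIRS"
    while read -r a b; do
        case $a in ''|'#'*) continue ;; esac
        ip_a=$(ccd_ip "$dir" "$a")
        ip_b=$(ccd_ip "$dir" "$b")
        if [ -z "$ip_a" ] || [ -z "$ip_b" ]; then
            echo "pair '$a $b': missing ifconfig-push in $dir" >&2
            return 1
        fi
        echo "iptables -A VPN_PAIRS -s $ip_a -d $ip_b -j ACCEPT"
        echo "iptables -A VPN_PAIRS -s $ip_b -d $ip_a -j ACCEPT"
    done
    echo "iptables -A VPN_PAIRS -j DROP"
}

# demo: constructed CCD directory; client1/server1 use the thread's addresses,
# client2/server2 and all four file names are made up for illustration.
demo() {
    d=$(mktemp -d)
    echo "ifconfig-push 10.1.0.4 255.255.255.0" > "$d/client1"
    echo "ifconfig-push 10.1.0.5 255.255.255.0" > "$d/server1"
    echo "ifconfig-push 10.1.0.6 255.255.255.0" > "$d/client2"
    echo "ifconfig-push 10.1.0.7 255.255.255.0" > "$d/server2"
    pair_rules "$d" tun0 <<EOF
client1 server1
client2 server2
EOF
    rc=$?
    rm -rf "$d"
    return "$rc"
}
demo
```

Because every peer gets an address in the same 10.1.0.0/24 with `topology subnet`, no extra per-client route is pushed here; the server's kernel forwards tun0-to-tun0 traffic and the printed rules decide which pairs pass.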

