Block WAN access for OpenVPN clients

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
orion44
OpenVpn Newbie
Posts: 2
Joined: Tue May 16, 2017 5:21 am

Block WAN access for OpenVPN clients

Post by orion44 » Tue May 16, 2017 5:41 am

Hello,

I'm running two OpenVPN servers on my ASUS RT-AC5300 router running Asuswrt-Merlin 380.66. I would like to block WAN access for my second OpenVPN server, i.e. just allow LAN access. I am aware the option "Direct clients to redirect Internet traffic" set to "No" does not block WAN access.

Can this be done via the Custom Configuration field at the bottom of the page or do I have to setup the firewall rules (iptables) manually to block OpenVPN server #2 subnet from the WAN?

Image

Thanks!

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Block WAN access for OpenVPN clients

Post by TinCanTech » Tue May 16, 2017 10:48 am

orion44 wrote:I would like to block WAN access for my second OpenVPN server, i.e. just allow LAN access
You have setup
  • Code: Select all

    [X] Push LAN to clients
    [ ] Direct clients to redirect internet traffic
That should be enough ..
orion44 wrote:do I have to setup the firewall rules (iptables) manually to block OpenVPN server #2 subnet from the WAN?
You could do that also.

orion44
OpenVpn Newbie
Posts: 2
Joined: Tue May 16, 2017 5:21 am

Re: Block WAN access for OpenVPN clients

Post by orion44 » Tue May 16, 2017 8:29 pm

Thanks for the follow-up, but that does not block WAN access. The OpenVPN client can choose to route all IPv4 traffic through the tunnel to my server and that gives them WAN access. I need a way to block access on my server and just wondered if I could it as part of the Custom Configuration field at the bottom.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Block WAN access for OpenVPN clients

Post by TinCanTech » Tue May 16, 2017 8:51 pm

OpenVPN provides the tunnel .. it does not provide for any filtering.

So use your firewall for filtering.

Post Reply