Access Control - How to add more server-side private subnets?

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
Starbase12
OpenVpn Newbie
Posts: 3
Joined: Fri Jul 02, 2021 6:45 am

Access Control - How to add more server-side private subnets?

Post by Starbase12 » Fri Jul 02, 2021 11:36 am

Hello,

in addition to my first request regarding the possible software-bug, I have the need to add additional subnets on the server side, which are allowed to connect to the remote-side of my site-to-site VPN. At the user settings of the AS there is the option called "Allow Access From: all server-side private subnets". The server itself is located at 192.168.200.0/24 and only that Subnet is currently allowed. However, I'm having also clients that are located at 192.168.201.0/24. Is there a possibility to also enter these additional subnets somewhere?

My tempoary solution currently is that I add the following rule manually after establishing the connection: "iptables -A AS0_U_PARENTS_OUT -s 192.168.201.0/24 -j ACCEPT".

Best wishes
Chris

chilinux
OpenVPN Power User
Posts: 156
Joined: Thu Mar 28, 2013 8:31 am

Re: Access Control - How to add more server-side private subnets?

Post by chilinux » Thu Jul 08, 2021 6:30 pm

I believe what you are looking for is available in the web admin portal under:
Configuration -> VPN Settings -> Routing -> Specify the private subnets to which all clients should be given access (one per line)

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Access Control - How to add more server-side private subnets?

Post by openvpn_inc » Sat Jul 10, 2021 2:45 pm

Note also that if you want 192.168.200.0/24 and 192.168.201.0/24, a single CIDR expression of 192.168.200.0/23 includes both.

I <3 subnetting, rob0
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply