Prevent local LAN access

Business solution to host your own OpenVPN server with web management interface and bundled clients.

Post by michael.pare » Thu Jan 06, 2022 8:30 pm

I am currently evaluating OpenVPN AS. I successfully deployed and configured the Linux appliance and it is working as expected - except:

Even with tunnel all, when my test client is connected to VPN it can still access the local subnet. I need to disable this for security purposes.

I found a lot of documentation for --redirect-gateway; however, I need to know the equivalent key(s) to use with sacli cmd to update the server configuration - if this exists. I tried adding the redirect-gateway directive in the client ovpn file and loading the profile but this did not work. Is there a way to use the push directive on the server side?

All of my clients are/will be running Windows 10 so my next question, is this possible for Windows-based clients?

On a side note, when I had my Windows client connected to OpenVPN AS, I was able to manually update the routing table using route print to obtain the desired result. Unfortunately - client local subnets will vary widely depending on where they connect from.

On another side note, are the OpenVPN AS sacli --key directives all documented somewhere in a single location? Searching for openvpn key no doubt yields results related to certificates and keys.


Re: Prevent local LAN access

Post by openvpn_inc » Thu Jan 06, 2022 9:08 pm

Hello michael.pare,

The redirect-gateway functionality is to redirect Internet traffic through the VPN tunnel.

Give this a try instead:
https://openvpn.net/vpn-server-resource ... t-side-lan

And no, there is no single page that describes all possible sacli commands and functions. But you can go here:
https://openvpn.net/vpn-server-resources/

Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
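Added example, not part of the original posts and not OpenVPN Inc.'s code: a small longest-prefix-match model of a client routing table, showing why redirecting Internet traffic still leaves the local subnet reachable, and how routes one bit more specific than the local subnet change that for whatever subnet the client happens to be on. It assumes the `def1` style of redirect-gateway (two /1 routes); the interface names, addresses and helper functions are constructed for illustration, and the covering-route approach is a generic routing technique, not the Access Server setting from the linked page.

```python
import ipaddress

def lookup(table, dst):
    """Pick the interface by longest-prefix match, as an OS routing table does."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, ifc) for net, ifc in table if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def tunnel_all_table(local_subnet):
    """Constructed routing table of a client connected with redirect-gateway def1."""
    return [
        (ipaddress.ip_network("0.0.0.0/0"), "lan"),    # original default route
        (ipaddress.ip_network(local_subnet), "lan"),   # on-link route for the local subnet
        (ipaddress.ip_network("0.0.0.0/1"), "vpn"),    # def1: two /1 routes that
        (ipaddress.ip_network("128.0.0.0/1"), "vpn"),  # outrank the /0 default
    ]

def lan_block_routes(local_subnet, lan_gateway):
    """Routes that pull the local subnet into the tunnel for any detected subnet.

    Each half of the subnet is one bit more specific than the on-link route,
    so it wins the lookup. The gateway keeps a /32 on the LAN so the tunnel's
    own packets can still leave the machine.
    """
    net = ipaddress.ip_network(local_subnet)
    halves = [(half, "vpn") for half in net.subnets(prefixlen_diff=1)]
    gateway = (ipaddress.ip_network(f"{lan_gateway}/32"), "lan")
    return halves + [gateway]

if __name__ == "__main__":
    # Constructed sample values: a home LAN, a printer on it, a public host.
    subnet, gateway, printer, public = "192.168.1.0/24", "192.168.1.1", "192.168.1.50", "203.0.113.10"
    table = tunnel_all_table(subnet)
    print("tunnel all only :", lookup(table, public), lookup(table, printer))
    table += lan_block_routes(subnet, gateway)
    print("with LAN routes :", lookup(table, public), lookup(table, printer), lookup(table, gateway))
```

On a real client, routes sent into the tunnel only block LAN access if the server does not route that traffic back anywhere useful; check the resulting table with `route print` after connecting.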
