I'm testing an OpenVPN server using OpenVPN Access.
I'm trying to get a setup something like this:
Client 1
Local subnet: 172.27.10.0/24
IP: 172.27.10.20
Service listening ports: 80, 443, 123

Client 2
Local subnet: 192.168.30.0/24
IP: 192.168.30.30
Server listening ports: 22, 8443

OpenVPN Access Server
Public IP (example): 4.4.4.4
Local LAN subnet: 10.0.10.0/24
IP address: 10.0.10.5
I'm trying to make both of these guys' server ports available from the OpenVPN Access Server side.
I'm also trying to make rule sets based on where traffic goes across the tunnel.
Some user somewhere accesses 4.4.4.4 at port 8443 and it goes to client 2 by way of the OpenVPN tunnel.
Some other user accesses 4.4.4.4 at port 80 and it goes to client 1.
For example, client 1 would ideally have "forward all traffic across the tunnel except for this list of IPs, and also maybe based on ports".
In Cisco land it looks like this (conversion example):
access-list example extended deny icmp any host 8.8.8.8
access-list example extended deny tcp any host 8.8.8.8 eq 80
access-list example extended permit ip any any
Do not allow ping to 8.8.8.8 through the tunnel.
Do not allow HTTP requests to 8.8.8.8 through the tunnel.
(DO allow HTTPS requests to 8.8.8.8 through the tunnel.)
Send everything else through the tunnel.
Client 2 would have a unique set of rules.
I've searched through the documentation and it's all pretty ambiguous and doesn't cover the kinds of things I'm trying.
Maybe I've looked in the wrong place, or I'm trying to do something OpenVPN isn't equipped for.
I've been able to get the clients across the tunnel, but their server access isn't forwarding.
Is this outside of my OpenVPN? Do I have to do routing in Linux to make this happen?
Thanks!
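The Linux-side pieces the question asks about, as an added example that is not from the question or from OpenVPN's own documentation: iptables rules on the Access Server that publish each client's services on the public IP, plus client 1's per-destination tunnel policy in iptables form. The interface names (eth0, tun0), the clients' fixed VPN addresses and the DRY_RUN switch are assumptions made here.

```shell
#!/bin/sh
# Added example for the setup in the question, not OpenVPN's own code.
# Assumptions (not given in the question): public interface eth0, VPN
# interface tun0, client1 fixed at VPN address 172.27.224.10 and client2
# at 172.27.224.20, and net.ipv4.ip_forward=1 on the Access Server.
# DRY_RUN=1 prints the rules instead of applying them (no root needed).

PUB_IP=4.4.4.4
PUB_IF=eth0
VPN_IF=tun0
CLIENT1_VPN=172.27.224.10
CLIENT2_VPN=172.27.224.20
ipt() {
  if [ -n "${DRY_RUN:-}" ]; then echo "iptables $*"; else iptables "$@"; fi
}

# Publish one client service on the public IP: DNAT inbound to the client's VPN
# address, allow it through FORWARD, and SNAT so the reply always returns via the
# tunnel. Caveat: the SNAT hides the real source IP from the client's own logs.
publish_port() { # proto port client_vpn_ip
  ipt -t nat -A PREROUTING -i "$PUB_IF" -d "$PUB_IP" -p "$1" --dport "$2" \
      -j DNAT --to-destination "$3:$2"
  ipt -A FORWARD -i "$PUB_IF" -o "$VPN_IF" -p "$1" -d "$3" --dport "$2" \
      -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
  ipt -t nat -A POSTROUTING -o "$VPN_IF" -p "$1" -d "$3" --dport "$2" -j MASQUERADE
}

# Rules for the Access Server: client1's 80/443/123, client2's 22/8443.
server_rules() {
  publish_port tcp 80   "$CLIENT1_VPN"
  publish_port tcp 443  "$CLIENT1_VPN"
  publish_port udp 123  "$CLIENT1_VPN"
  publish_port tcp 22   "$CLIENT2_VPN"
  publish_port tcp 8443 "$CLIENT2_VPN"
}

# client1's tunnel policy, the iptables form of the Cisco ACL in the question;
# applied on client1 itself to traffic leaving through tun0.
client1_tunnel_policy() {
  ipt -A OUTPUT -o "$VPN_IF" -p icmp -d 8.8.8.8 -j DROP           # no ping to 8.8.8.8
  ipt -A OUTPUT -o "$VPN_IF" -p tcp -d 8.8.8.8 --dport 80 -j DROP # no HTTP; HTTPS still allowed
  ipt -A OUTPUT -o "$VPN_IF" -j ACCEPT                            # everything else via tunnel
}

# Usage: DRY_RUN=1 sh rules.sh server   (or: client1)
case "${1:-}" in
  server)  server_rules ;;
  client1) client1_tunnel_policy ;;
esac
```

Run with DRY_RUN=1 first and review the printed rules; without it the script calls iptables directly and needs root on the respective machine.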