routing and port forwarding for clients

vidiotsagl
OpenVpn Newbie
Posts: 1
Joined: Sun Aug 28, 2022 10:36 pm

routing and port forwarding for clients

Post by vidiotsagl » Sun Aug 28, 2022 11:03 pm

Hey all, I'm new to OpenVPN. More familiar with Cisco VPN technology and routing, etc.
I'm testing an OpenVPN server using OpenVPN Access.
I'm trying to get a setup something like this:

client1
  local subnet: 172.27.10.0/24
  IP: 172.27.10.20
  service listening ports: 80, 443, 123

client2
  local subnet: 192.168.30.0/24
  IP: 192.168.30.30
  server listening ports: 22, 8443

OpenVPN Access Server
  public IP (example): 4.4.4.4
  local LAN subnet: 10.0.10.0/24
  IP address: 10.0.10.5


I'm trying to make both of these guys' server ports available from the OpenVPN Access Server side.
I'm also trying to make rule sets based on where traffic goes across the tunnel.

Some user somewhere accesses 4.4.4.4 at port 8443 and it goes to client 2 by way of the OpenVPN tunnel.
Some other user accesses 4.4.4.4 at port 80 and it goes to client 1.

For example, client 1 would ideally have "forward all traffic across the tunnel except for this list of IPs, and also maybe based on ports".
In Cisco land it looks like this (Cisco land conversion example):

access-list example extended deny icmp host 8.8.8.8 any
access-list example extended deny tcp host 8.8.8.8 eq 80 any
access-list example extended permit ip any any

do not allow ping to 8.8.8.8 through tunnel
do not allow http requests to 8.8.8.8 through tunnel
(DO allow https requests to 8.8.8.8 through tunnel)
send everything else through tunnel


client 2 would have a unique set of rules.
I've searched through documentation and it's all pretty ambiguous and doesn't cover the kinds of things I'm trying.
Maybe I've looked in the wrong place or I'm trying to do something OpenVPN isn't equipped for.
I've been able to get the clients across the tunnel but their server access isn't forwarding.
Is this outside of my OpenVPN? Do I have to do routing in Linux to make this happen?
Thanks!
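As an added example (not from the post, and not OpenVPN's own tooling), here are the iptables rules that would realise the layout above on the Linux host running the Access Server: DNAT 4.4.4.4:8443 to client 2 and 4.4.4.4:80 to client 1 through the tunnel, plus the client-1 "Cisco land" rule set as it would look on a Linux client. It assumes eth0 as the WAN interface, tun0 as the VPN interface, and that the server already has routes to both client LANs over the tunnel; all three names are assumptions.

```shell
#!/bin/sh
# Added example, not from the post. Assumptions: the Access Server host is
# Linux with iptables, its WAN interface is eth0, the VPN interface is tun0,
# and the server already routes each client's LAN over the tunnel.
PUB_IP=4.4.4.4            # public IP from the post
WAN_IF=${WAN_IF:-eth0}    # assumed interface name
VPN_IF=${VPN_IF:-tun0}    # assumed interface name

# Rules that publish one client-side service on the server's public IP:
# DNAT the inbound connection, allow only that forward, and masquerade on
# the tunnel so the client's reply comes back through the server.
# Prints the commands; pipe the output into sh as root to apply.
publish_port() {
  proto=$1 pubport=$2 dst=$3 dstport=$4
  printf 'iptables -t nat -A PREROUTING -i %s -d %s -p %s --dport %s -j DNAT --to-destination %s:%s\n' \
    "$WAN_IF" "$PUB_IP" "$proto" "$pubport" "$dst" "$dstport"
  printf 'iptables -A FORWARD -i %s -o %s -d %s -p %s --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' \
    "$WAN_IF" "$VPN_IF" "$dst" "$proto" "$dstport"
  printf 'iptables -t nat -A POSTROUTING -o %s -d %s -p %s --dport %s -j MASQUERADE\n' \
    "$VPN_IF" "$dst" "$proto" "$dstport"
}

# Baseline: replies to accepted connections pass, everything else is dropped,
# so only the explicitly published ports are reachable from the outside.
forward_baseline() {
  printf 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
  printf 'iptables -P FORWARD DROP\n'
}

# The client-1 rule set as described in the post, on a Linux client (assumed):
# no ping and no HTTP to 8.8.8.8 over the tunnel; HTTPS and everything else
# still go through the tunnel.
client1_tunnel_acl() {
  vpn_if=${1:-tun0}
  printf 'iptables -A OUTPUT -o %s -d 8.8.8.8 -p icmp -j DROP\n' "$vpn_if"
  printf 'iptables -A OUTPUT -o %s -d 8.8.8.8 -p tcp --dport 80 -j DROP\n' "$vpn_if"
  printf 'iptables -A OUTPUT -o %s -j ACCEPT\n' "$vpn_if"
}

forward_baseline
publish_port tcp 8443 192.168.30.30 8443   # client 2 service
publish_port tcp 80   172.27.10.20 80      # client 1 service
client1_tunnel_acl tun0
```

The functions print the commands rather than applying them, so the rule set can be reviewed before being run as root. Access Server manages its own iptables rules and may rewrite them when the service restarts, so additions like these belong in a script that runs after the service is up.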
