Prevent local LAN access
Posted: Thu Jan 06, 2022 8:30 pm
I am currently evaluating OpenVPN AS. I successfully deployed and configured the Linux appliance and it is working as expected - except:
Even with tunnel all, when my test client is connected to VPN it can still access the local subnet. I need to disable this for security purposes.
I found a lot of documentation for --redirect-gateway; however, I need to know the equivalent key(s) to use with sacli cmd to update the server configuration - if this exists. I tried adding the redirect-gateway directive in the client ovpn file and loading the profile, but this did not work. Is there a way to use the push directive on the server side?
All of my clients are/will be running Windows 10, so my next question is: is this possible for Windows-based clients?
On a side note, when I had my Windows client connected to OpenVPN AS, I was able to manually update the routing table using route print to obtain the desired result. Unfortunately - client local subnets will vary widely depending on where they connect from.
On another side note, are the OpenVPN AS sacli --key directives all documented somewhere in a single location? Searching for openvpn key no doubt yields results related to certificates and keys.