
Access clients by their VPN ip behind NAT

Posted: Sun Aug 27, 2023 2:38 am
by SpeedMonster
Hi there!
How should OpenVPN AS be configured if I need the following?
1) To access clients (clients' port 443, for instance) from the server side by their VPN IP
2) Clients should not access server ports or "see" other clients
This is a kind of remote support, where the admin needs to access clients' machines.
Thanks!

Re: Access clients by their VPN ip behind NAT

Posted: Tue Aug 29, 2023 5:49 am
by openvpn_inc
Hello,

For VPN clients to be exposed to your network you need to set up routing access. This requires your network to cooperate by making the VPN client subnet reachable from your network.

Regarding the second requirement, routing access is two-way. At best you could add custom iptables rules to block certain traffic in ways that you want to block it while leaving other paths open.

Your situation is not one that can be done with typical GUI settings.

Kind regards,
Johan
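
One way to express the custom iptables rules mentioned in the reply above, as an added example that is not from the thread or from OpenVPN Inc. The interface pattern `as0t+` and the subnet `172.27.224.0/20` are assumed values, as is the assumption that client-to-client traffic passes through the kernel FORWARD chain; replace them with the values in use on the server.

```shell
#!/bin/sh
# Added example (not from the thread): print iptables rules that keep
# server-initiated connections to VPN clients working while dropping
# anything the clients initiate. Dry run by default; APPLY=1 executes.
VPN_IF="${VPN_IF:-as0t+}"              # assumed tunnel interface pattern
VPN_NET="${VPN_NET:-172.27.224.0/20}"  # assumed VPN client subnet

# Refuse values that are not a plain interface pattern / IPv4 CIDR, so
# nothing unexpected is ever piped into a root shell.
valid_args() {
    case "$1" in ""|*[!A-Za-z0-9_+-]*) return 1 ;; esac
    case "$2" in ""|*[!0-9./]*) return 1 ;; */*) ;; *) return 1 ;; esac
}

isolation_rules() {
    valid_args "$1" "$2" || return 1
    ifc="$1"; net="$2"
    cat <<EOF
iptables -I INPUT 1 -i $ifc -s $net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT 2 -i $ifc -j DROP
iptables -I FORWARD 1 -i $ifc -o $ifc -j DROP
iptables -I FORWARD 2 -i $ifc -s $net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 3 -i $ifc -j DROP
EOF
}
# INPUT 1   : replies from clients to connections the server opened
# INPUT 2   : clients cannot open connections to server ports via the tunnel
# FORWARD 1 : no client-to-client traffic
# FORWARD 2 : replies from clients to hosts behind the server
# FORWARD 3 : clients cannot open connections to the network behind the server

if [ "${APPLY:-0}" = 1 ]; then
    isolation_rules "$VPN_IF" "$VPN_NET" | sh -e
else
    isolation_rules "$VPN_IF" "$VPN_NET"
fi
```

Rules inserted this way do not persist across reboots, so confirm they are still at the top of each chain with `iptables -S` after the server or the VPN service restarts.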