Routing special IPs from server to client

  • MarkusI72
    Junior Member
    • Apr 2024
    • 1

    Routing special IPs from server to client

    Hi,

    my situation is the following:

    I have an OpenVPN server running on my ASUS router (AsusWRT Merlin).
    The OpenVPN server operates in 10.8.0.x range.
    My LAN operates in 192.168.1.x range (where my router, which also runs the OpenVPN server, has 192.168.1.1).

    I have a remote LAN, also with an AsusWRT Merlin router.
    The remote LAN runs in 192.168.10.x range.

    The remote router connects as OpenVPN client to my server.
    Let's assume for simplicity reasons, the assigned OpenVPN client IP for the remote router is 10.8.0.100.


    I want to achieve the following:

    1. Neither the remote router nor any other OpenVPN client should (ideally) be able to access my LAN (192.168.1.x).
    2. Whenever a LAN-192.168.1.x IP wants to talk to a 192.168.10.x IP, the traffic should get routed through the 10.8.0.100 OpenVPN remote router client.
    3. Every OpenVPN client which is NOT the remote router should be able to access the 192.168.10.x network, too.

    In other words:
    - from my LAN, I'd like to be able to access all 192.168.10.x IPs on the remote router's side
    - every other OpenVPN client should be able to do the same
    - my 192.168.1.x LAN should ideally be completely protected from being accessed by any OpenVPN client

    I have to admit that my networking / routing skills are very basic, but I am willing to learn and understand.

    Here is where I am right now:

    1. the remote router automatically and successfully connects to my local OpenVPN server
    2. I can ping 10.8.0.100 from my LAN (at least I was able to an hour ago, but I might have messed it up right now 🙃 )

    I tried to set a static route in AsusWRT Merlin like 192.168.10.0/255.255.255.0 -> 10.8.0.100 / VPN but without success
    (as I said, I am completely new in that area of expertise).

    Am I on the right track in general or am I completely wrong?
    Is my goal achievable in general? Or only in parts? If the latter, which?

    Any hint on how to tackle my challenge is highly appreciated!

    Thanks
    Markus
  • trimyawroll
    Junior Member
    • Feb 2024
    • 1

    #2
    To shield your server LAN you must use your firewall, e.g. `iptables`.

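One way to express the three goals from the question as `iptables` rules plus the matching OpenVPN routing directives. This is an added example, not part of either post; the interface name `tun21`, the use of the `state` match and the client-config-dir entry are assumptions, and the script only prints the rules unless `IPT=iptables` is set.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are the ones in the question.
# Assumed names: tun21 as the OpenVPN server interface, and a client-config-dir
# entry for the remote router.
#
# Routing side (OpenVPN server config, shown here as comments):
#   route 192.168.10.0 255.255.255.0          # kernel route into the tunnel
#   push "route 192.168.10.0 255.255.255.0"   # other clients learn the route
# In the client-config-dir file for the remote router's certificate name:
#   iroute 192.168.10.0 255.255.255.0         # OpenVPN hands that subnet to it
VPN_IF="${VPN_IF:-tun21}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
REMOTE_NET="${REMOTE_NET:-192.168.10.0/24}"
IPT="${IPT:-echo iptables}"   # dry run: prints the rules; IPT=iptables applies them

shield_lan() {
    # Replies to connections opened from the LAN may come back through the tunnel.
    $IPT -I FORWARD 1 -i "$VPN_IF" -d "$LAN_NET" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Everything else from the tunnel towards the LAN is dropped.
    $IPT -I FORWARD 2 -i "$VPN_IF" -d "$LAN_NET" -j DROP
    # Same pair on INPUT, which covers the router's own LAN address (192.168.1.1).
    $IPT -I INPUT 1 -i "$VPN_IF" -d "$LAN_NET" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -I INPUT 2 -i "$VPN_IF" -d "$LAN_NET" -j DROP
    # Other VPN clients reach the remote LAN tunnel-to-tunnel. This only passes
    # through iptables when OpenVPN's client-to-client option is off.
    $IPT -I FORWARD 3 -i "$VPN_IF" -o "$VPN_IF" -d "$REMOTE_NET" -j ACCEPT
}

shield_lan
```

The ACCEPT for established traffic has to sit above the DROP, otherwise replies from 192.168.10.x to hosts on the server LAN are discarded along with unsolicited traffic.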