Hi, I recently bought an ASUS RT-AC56R router for a home office and upgraded it with the latest Merlin firmware. The good thing is that the OpenVPN server was easy to set up, and the firmware (web interface) allows two options: 1. allow access to LAN only; or 2. allow access to LAN and redirect internet traffic. My situation is that we want to have two different VPN users: one can access the LAN and the internet thru the VPN, but the other can only do internet (no access to LAN). The second user login can then be used in a country like China or Iran, hopefully to get around the government censorship w/o any risk of exposing the internal network.
After some reading on the openvpn doc, I think the following might be able to get what we want,
1. set up the OpenVPN server on the ASUS router, select the "allow access to LAN and internet" option
2. create two user accounts, say, user1 and user2
3. in the customized vpn config box, add the "client-connect /jffs/scripts/connect.sh" line, and in connect.sh script somehow find out which user is connecting, then assign them different subnets
4. in firewall rule, allow one vpn subnet to access LAN, but disallow the other
Can someone here confirm if this method would work? Also, what are the concrete commands I can use to achieve 3 and 4? I'm pretty new to networking, so please bear with my simple questions.
Thanks!
Bob
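
Steps 3 and 4 of the plan above, sketched as an added example (not part of the original post and not the firmware's own code): a client-connect script that pins each user to a fixed VPN address, plus the forward rule that keeps the restricted range off the LAN. The VPN subnet 10.8.0.0/24 with "topology subnet", the LAN 192.168.1.0/24 and the chosen addresses are assumptions; substitute the router's actual values.

```shell
#!/bin/sh
# Added example, not from the original post. Constructed values (assumptions):
# VPN subnet 10.8.0.0/24 with "topology subnet", LAN 192.168.1.0/24,
# users "user1" (LAN + internet) and "user2" (internet only).
VPN_MASK=255.255.255.0
RESTRICTED_NET=10.8.0.128/25   # upper half of the VPN subnet: no LAN access
LAN_NET=192.168.1.0/24

# Map an authenticated user name to a fixed VPN address.
# Prints an OpenVPN "ifconfig-push" directive; returns 1 for unknown users.
push_line_for() {
    case "$1" in
        user1) echo "ifconfig-push 10.8.0.10 $VPN_MASK" ;;   # trusted half
        user2) echo "ifconfig-push 10.8.0.130 $VPN_MASK" ;;  # restricted half
        *)     return 1 ;;
    esac
}

# Step 4: print (not run) the rule that keeps the restricted half off the LAN.
# FORWARD only covers traffic routed to LAN hosts; traffic addressed to the
# router itself traverses INPUT and needs its own rule.
firewall_rules() {
    echo "iptables -I FORWARD -s $RESTRICTED_NET -d $LAN_NET -j DROP"
}

# Step 3: OpenVPN calls the client-connect script with a temp file path as its
# last argument and reads per-client directives back from that file.
# "username" is set for user/password auth, "common_name" is the cert CN.
client_connect() {
    user="${username:-${common_name:-}}"
    # Fail closed: a non-zero exit makes OpenVPN refuse the client.
    push_line_for "$user" > "$1" || return 1
}

# Act as connect.sh only when OpenVPN supplies the temp file argument.
if [ -n "${1:-}" ]; then
    client_connect "$1" || exit 1
fi
```

OpenVPN only runs user scripts such as this one when the server config sets script-security to 2 or higher. The firewall rule has to be re-applied whenever the router rebuilds its firewall, otherwise user2 regains LAN access after a restart.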