Hi,
I have two routers linked via ethernet to get good signal around the house. I want to isolate a few devices from the rest of the house LAN as they typically have badly behaving users (teenagers who load god knows what onto their devices). These users can connect to either of the routers, which are all running the latest Merlin builds (thank you). I've tried to stop them loading the nasty items on, but the latest trick is simply to move to SSL VPNs. I don't have the capability to ensure they do not load bad actor software, so I'm looking for a solution. If this was my work, employment policy would work, but teenagers are a different kettle of fish!
I believe the only way to achieve this is using the following setup:
1) Primary router with internet connection
- OpenVPN server connecting to the internet with isolation enabled
- OpenVPN client connecting to the OpenVPN server above
- Policy based routing (e.g. x3m)
2) Second router, connected via ethernet cable to Primary router:
- OpenVPN client connecting to the server on the Primary router
- Policy based routing (e.g. x3m)
However, I do not want the OpenVPN server exposed to the internet, otherwise it becomes an attack surface, so how can I block this from listening on the WAN?
Also, if there is an easier or better way to do this, please do let me know.
P.S. If anyone knows how to stop SSL VPNs from LAN clients, that would be awesome too.
Thanks
David