Menu
What's new
By:
Filters Better Search

How do I configure my OpenVPN server on my Asus router to allow spacific use by different clients

K

kwood30

New Around Here
I have set up a OpenVPN server on my Asus RT-AX82U router (Firmware version 3.0.0.4.386_45375) and it has automatically generated a Client.opvn file. But how do I now alter this file to allow certain access to my net work? I have a couple of servers, which also contain web services, and some clients I only want to have access to the one server with the web services. And other clients complete access to the whole network. I have tried to and searched for hours, but I cannot seem to find away (that i understand). Any help and advice would be greatly appreciated.
 
RMerlin

RMerlin

Asuswrt-Merlin dev
You can't. The VPN creates a tunnel between the remote end, and your network, beyond that it has no control over who can access what within that network.

In essence, treat a VPN as a way to simulate having that remote client directly plugged into an Ethernet port within your network.
 
K

kwood30

New Around Here
Is there no way of configuring the VPN or client file to only access the one server. Using the server IP address?
 
L&LD

L&LD

Part of the Furniture
You can only do that by having the Server run the OpenVPN server and not your router.
 
eibgrad

eibgrad

Part of the Furniture
I don't know if this is what you're looking for, but if you configure the OpenVPN server to assign specific IPs on the tunnel to specific OpenVPN clients, you could then uniquely identify those clients and create firewall rules that limit access to specific target resources.

For example, if the OpenVPN server is using 10.8.0.0/24, and a client has been assigned 10.8.0.2, and the remote network is 192.168.1.0/24, and that client should only have access to 192.168.1.100 …

Code: 
iptables -I FORWARD -s 10.8.0.2 ! -d 192.168.1.100 -j REJECT

Assigning specific IPs on the tunnel requires using a CCD (client-config-dir) directive that points to a folder containing files based on the common-name of the cert used by the given client. Within those files you would specify the ifconfig-push directive to assign the preferred IP. But that assumes every client is being assigned its own unique certs and keys, which isn't the case by default. Alternatively, you can require username/passwords (which most ppl do anyway) and use the username-as-common-name directive, which tells OpenVPN server to use the username instead to distinguish clients.

P.S. I just realized you're using oem/stock firmware, which will probably make the above impossible to implement, particularly the firewall rules. But at least w/ the right router and firmware (e.g., Merlin), it is possible.
 
Last edited:
You must log in or register to reply here.
Similar threads
Thread starter Title Forum Replies Date
A Cannot connect openvpn client and server at the same time VPN 16
G Any need to generate new .crt, .key, .ovpn when moving from an old OpenVPN? VPN 2
Krisbik OpenVpn Asus (route gateway is not reachable on any active network adapters) VPN 17
C Openvpn server on asus merlin - connections but but seem to be enlessly reconnecting VPN 16
C Openvpn server on Asus Merlin router ip allocations VPN 3
M OpenVPN Server behind ISP Router - can't connect VPN 3
N Asuswrt Merlin: My working OpenVPN configuration for Bi-Directional VPN (router to router) VPN 4
Chewie420 Help replacing OpenVPN with Wireguard on Asus RT-AX88U VPN 16
W Solved Cannot Add/Remove Users from OpenVPN Server VPN 2
G How to allow openvpn clients to access my LAN PC? VPN 9

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 306 (members: 16, guests: 290)
Top