OpenVPN Server - Can I restrict access client to specified local IP on the server side local LAN? HELP!

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

dblock8212

New Around Here
I have an Asus RT-AC88U running on stock firmware (Version 3.0.0.4.386.41700). I have created an OpenVPN server so that my brother can access my NAS from his home remotely. I have DDNS set up on the router. I can connect from his home to the VPN without issue. However, I noticed that when he is connected to my VPN, he then has access to all IP addresses on my home network not just the NAS. Is it possible to restrict his access to only my NAS local IP for example: 192.168.1.201. I don't know if this has to be done on the OpenVPN side or with iptables / firewall. Either way I don't know if this is even possible.
 

eibgrad

Very Senior Member
Since I don't use the stock firmware, I can't say what capabilities it has (it's often quite limited in this regard). Mostly like NOT.

You need the ability to assign a specific OpenVPN client IP (e.g., 10.8.0.2) to his connection to uniquely identify it (unless he's the only using it). Then you need low-level access to the firewall to restrict his IP on the tunnel to that specific destination IP (e.g., 192.168.1.201). With third-party firmware (e.g., Merlin), this kind of thing is done all the time.
 
Last edited:

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top