EFW Support

Support => VPN Support => Topic started by: ChiefEngr on Thursday 09 August 2012, 04:58:01 am



Title: Does anyone know if VPN Routing works in 2.5.1??
Post by: ChiefEngr on Thursday 09 August 2012, 04:58:01 am
After looking through the forum, I see a lot of people having the same problem I am having -- trying to route traffic between OpenVPN Users and specific zones or servers.  Either it doesn't work, or there is some subtle thing we are all doing wrong.

Here's my particular situation:

My goal is to restrict the internal endpoints that each VPN user can access. In some cases, these will be DMZ (Orange) servers, while in other cases, the VPN user will have access to the entire DMZ (Orange) and LAN (Green) networks.  VPN users do not need to access the WAN (Red) network through the tunnel.

I've confirmed that OpenVPN is installed and working properly on my EFW system and on a client computer by enabling the OpenVPN server, bridging it to the GREEN Zone, and setting a dynamic IP range in my LAN's subnet. I also created a sample user (user.green) with no Client routing or push configurations set.  From an external network, I am able to establish a tunnel and freely access all of the endpoints on my LAN.

For my real application, consider the case of two more users: user.orange and user.restricted. The goal is for:

> user.green to be able to access the entire LAN (Green Zone)
> user.orange to be able to access the entire DMZ (Orange Zone)
> user.restricted to be able to access only ONE specific server (which could be in either the LAN or DMZ)

Here’s what I’ve done (with no success)…

1) Changed the OpenVPN Server configuration to NOT bridged, and assigned a VPN Subnet that is not within any of my internal (LAN or DMZ) subnets.

2) Enabled the VPN Firewall (under Firewall > VPN Traffic).

3) Added a new VPN Firewall Rule:
     Source: OpenVPN User “user.green”
     Destination: Zone GREEN
     Any service or Port
     Action: ALLOW

After restarting and establishing the OpenVPN Connection, user.green cannot access anything anywhere.

I have tried fiddling with all sorts of rules, users, routing – all with no joy.


Can anyone point me in the right direction?? Or, can this software simply NOT do what I am trying to accomplish??


Thanks in advance for any assistance anyone can provide.
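The following is an added example and is not part of the post above, nor is it Endian Firewall's own configuration or code. It models the mechanism underneath what the post is trying to achieve (a routed, non-bridged OpenVPN server where each user may reach only particular zones or hosts) using plain OpenVPN client-config-dir (ccd) files plus iptables FORWARD rules. The VPN subnet, Green and Orange subnets, user names, fixed VPN addresses and the tun interface name are all constructed assumptions; the point it demonstrates is that a per-user rule needs a stable way to identify the user (here a fixed address pushed per common name), a rule allowing return traffic, and a default drop so that anything not explicitly permitted is blocked.

```python
"""
Per-user OpenVPN access policy: ccd file generator, iptables rule generator,
and a first-match checker. Added example, not from the forum post or EFW.
All addresses, user names and the interface name are constructed assumptions.
"""
import ipaddress

VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")   # assumed routed VPN subnet, outside LAN/DMZ
GREEN = ipaddress.ip_network("192.168.1.0/24")     # assumed LAN (Green) subnet
ORANGE = ipaddress.ip_network("192.168.2.0/24")    # assumed DMZ (Orange) subnet
TUN_IF = "tun0"                                    # assumed OpenVPN interface

# Policy: OpenVPN common name -> fixed VPN address and the destinations it may reach.
# user.restricted is limited to a single host (a /32), which could sit in either zone.
POLICY = {
    "user.green":      {"vpn_ip": "10.8.0.10", "allow": [GREEN]},
    "user.orange":     {"vpn_ip": "10.8.0.20", "allow": [ORANGE]},
    "user.restricted": {"vpn_ip": "10.8.0.30",
                        "allow": [ipaddress.ip_network("192.168.2.50/32")]},
}


def validate(policy=POLICY):
    """Reject policies where two users share a VPN address or an address is outside
    the VPN subnet; either would make a source-address rule match the wrong user."""
    seen = set()
    for cn, entry in policy.items():
        ip = ipaddress.ip_address(entry["vpn_ip"])
        if ip not in VPN_SUBNET:
            raise ValueError(f"{cn}: {ip} is outside {VPN_SUBNET}")
        if ip in seen:
            raise ValueError(f"{cn}: {ip} is already assigned to another user")
        seen.add(ip)
    return True


def ccd_files(policy=POLICY):
    """Return {common_name: ccd file text}. The fixed ifconfig-push address is what
    lets a firewall rule identify the user; with a dynamic pool there is no stable
    source address to match on. Routes are pushed only for what the user may reach."""
    validate(policy)
    out = {}
    for cn, entry in policy.items():
        # topology subnet: ifconfig-push takes the client address and the subnet mask
        lines = [f"ifconfig-push {entry['vpn_ip']} {VPN_SUBNET.netmask}"]
        for net in entry["allow"]:
            lines.append(f'push "route {net.network_address} {net.netmask}"')
        out[cn] = "\n".join(lines) + "\n"
    return out


def iptables_rules(policy=POLICY):
    """Return FORWARD-chain rules in order: replies to allowed connections first,
    then one ACCEPT per (user, destination) pair, then a default DROP for anything
    else arriving from the tunnel. Without the conntrack rule, replies from the
    LAN/DMZ to the client would never be forwarded back."""
    validate(policy)
    rules = [f"iptables -A FORWARD -o {TUN_IF} -m conntrack "
             f"--ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for cn, entry in policy.items():
        for net in entry["allow"]:
            rules.append(f"iptables -A FORWARD -i {TUN_IF} -s {entry['vpn_ip']}/32 "
                         f"-d {net} -j ACCEPT  # {cn}")
    rules.append(f"iptables -A FORWARD -i {TUN_IF} -j DROP")
    return rules


def permitted(src_ip, dst_ip, policy=POLICY):
    """Simulate first-match evaluation of the generated rules for a NEW connection
    entering from the tunnel. Returns True if some ACCEPT rule matches, else False
    (the default DROP)."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for entry in policy.values():
        if src == ipaddress.ip_address(entry["vpn_ip"]):
            for net in entry["allow"]:
                if dst in net:
                    return True
    return False


if __name__ == "__main__":
    for cn, text in ccd_files().items():
        print(f"--- ccd/{cn}\n{text}")
    print("\n".join(iptables_rules()))
    print("user.restricted -> 192.168.2.50:", permitted("10.8.0.30", "192.168.2.50"))
    print("user.restricted -> 192.168.2.51:", permitted("10.8.0.30", "192.168.2.51"))
```

The checker makes the failure modes visible without touching a live firewall: a user whose address is not in the policy, or a destination outside the allowed set, falls through to the default drop, which is the behaviour a deny-by-default VPN firewall is supposed to produce.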