OpenVPN clients not adopting local network ACLs

2023-06-15 19:34:00

Omada software controller on Docker Container - FW 5.9.31

ER7206 v1.0 FW 1.3.0

I'm about to launch some MVP/prototype products which rely on a VPN for data dumping. I created a VLAN for isolation, as these will be out in the field. Enabling vs. disabling the DHCP server doesn't affect the outcome.

I applied a stateful ACL to isolate this VLAN. 'States Type' auto vs. manual doesn't affect the outcome.

I created two OpenVPN servers, one with full access for myself. The restricted server's IP pool is assigned to the same subnet as the VLAN.

I can connect and am assigned an IP on subnet 192.168.254.x, but I am able to ping/access hosted services on subnets 0, 2, and 3. Since a traceroute from my phone with the restricted VPN profile showed the first hop as 169.254.x.x/16, I tried changing the restricted VLAN to 169.254.0.1/16, but that still didn't prevent access to the other subnets.

Are stateful ACLs implemented for OpenVPN? Is there a different approach to isolating OpenVPN clients?

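The quickest way to tell whether the ACL is actually isolating the restricted VPN clients is to measure it from a connected client rather than read it off the controller. The script below is an added example written for this page; it is not from the original poster, TP-Link, or Omada. It assumes the restricted pool is 192.168.254.0/24 and that "subnets 0, 2 and 3" are 192.168.0.0/24, 192.168.2.0/24 and 192.168.3.0/24 with constructed sample host addresses; adjust those to your network. It checks that the tunnel address the server handed out is inside the intended pool, flags a 169.254.0.0/16 first hop as link-local (so it is not mistaken for a routable VLAN gateway), and then attempts TCP connections to hosts on the other subnets. Any host that answers, including with a RST, is reachable through the tunnel and therefore not blocked by the ACL.

```python
"""Client-side isolation check for a restricted OpenVPN profile.

Run from a device connected with the restricted profile, e.g.
    python3 vpn_isolation_check.py 192.168.254.7 169.254.10.1
(assigned tunnel address, then the first traceroute hop).
"""
import ipaddress
import socket
import sys
from typing import Callable, Dict, Iterable, List, Tuple

# Assumed addressing for this example (not stated in the post): the
# restricted pool and constructed sample hosts on the three other subnets.
EXPECTED_POOL = ipaddress.ip_network("192.168.254.0/24")
OTHER_SUBNET_HOSTS: Dict[str, List[str]] = {
    "192.168.0.0/24": ["192.168.0.1", "192.168.0.10"],
    "192.168.2.0/24": ["192.168.2.1", "192.168.2.10"],
    "192.168.3.0/24": ["192.168.3.1", "192.168.3.10"],
}
PROBE_PORTS: Tuple[int, ...] = (22, 80, 443)

Probe = Callable[[str, int], bool]


def address_in_pool(addr: str, pool=EXPECTED_POOL) -> bool:
    """True if the tunnel address handed out by the server lies in the pool."""
    return ipaddress.ip_address(addr) in pool


def first_hop_is_link_local(hop: str) -> bool:
    """True for a 169.254.0.0/16 hop (link-local, RFC 3927). Reported
    separately so it is not confused with a routable VLAN gateway."""
    return ipaddress.ip_address(hop).is_link_local


def tcp_probe(host: str, port: int, timeout: float = 1.0) -> bool:
    """Real probe. A completed handshake means the host is reachable; a RST
    (ConnectionRefusedError) also proves the packet got there and back."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except ConnectionRefusedError:
        return True   # host answered, nothing listening on that port
    except OSError:
        return False  # timeout, no route, or filtered by the ACL


def probe_subnets(targets: Dict[str, Iterable[str]],
                  ports: Iterable[int] = PROBE_PORTS,
                  probe: Probe = tcp_probe) -> Dict[str, List[Tuple[str, int]]]:
    """Probe every host/port pair and return, per subnet, the pairs that
    answered. `probe` is injectable so the logic can be exercised offline."""
    reachable: Dict[str, List[Tuple[str, int]]] = {}
    for subnet, hosts in targets.items():
        reachable[subnet] = [(h, p) for h in hosts for p in ports if probe(h, p)]
    return reachable


def isolation_ok(reachable: Dict[str, List[Tuple[str, int]]]) -> bool:
    """The ACL isolates the VPN clients only if nothing on another subnet answered."""
    return not any(reachable.values())


def summarize(assigned: str, first_hop: str, reachable) -> List[str]:
    """Human-readable findings, one line each."""
    lines = [
        f"assigned {assigned} in pool {EXPECTED_POOL}: {address_in_pool(assigned)}",
        f"first hop {first_hop} is link-local: {first_hop_is_link_local(first_hop)}",
    ]
    for subnet, hits in reachable.items():
        lines.append(f"{subnet}: {'BLOCKED' if not hits else 'REACHABLE ' + str(hits)}")
    lines.append(f"isolation OK: {isolation_ok(reachable)}")
    return lines


if __name__ == "__main__":
    assigned = sys.argv[1] if len(sys.argv) > 1 else "192.168.254.7"
    first_hop = sys.argv[2] if len(sys.argv) > 2 else "169.254.10.1"
    print("\n".join(summarize(assigned, first_hop, probe_subnets(OTHER_SUBNET_HOSTS))))
```

Run it once from the full-access profile (every subnet should show REACHABLE, proving the probe itself works) and once from the restricted profile (every subnet should show BLOCKED). If the restricted run still reaches hosts, the ACL is not being applied to traffic entering from the VPN interface, regardless of what the controller displays.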