OpenVPN client can access all my local network VLANs, no matter which single VLAN I set up as visible.
Hello!
I got a problem with the Omada controller, I guess.
I'm using a router ER707-M2 v1.0, two switches T1600G-52P and a few APs adopted to the Omada Software Controller.
Omada version: 5.14.32.3
In the router three VLANs are configured:
- Default (VLAN 1)
- Kamery (VLAN 20)
- And a VLAN for Wi-Fi (VLAN 130)
Inside the LAN every rule works fine; the "Default" network can't see the "Kamery" and Wi-Fi networks.
But when I configured the OpenVPN server, I can access any of these VLANs, even when I set only one of these three as visible.
How should I do this correctly?
Is that a kind of bug in Omada?
I'm sorry for the Polish language on the screenshot.
It shows setting up a new OpenVPN server in Omada controller:
Greetings
Hi @Wyciu
Thanks for posting in our business forum.
So, it is on Split Tunnel mode, and you've selected one of the LANs.
Do you have an ACL configured for VLAN isolation prior to the VPN?
What IP do you configure for the OVPN clients?
@Clive_A Thank you for your attention.
I have configured VLANs like this:
And OpenVPN like this:
Where have I made a mistake?
I haven't created ACL rules for OpenVPN. How should I do this?
I configured only Gateway ACLs for VLANs inside the local networks, and it all works fine.
Hi @Wyciu
Thanks for posting in our business forum.
There is no config issue as far as I can tell, as in my previous reply.
So, what would be the IP address you can access over the VPN tunnel to another VLAN interface?
Will you be able to ping the remote device and vice versa in the VLAN (interface)?
Hi,
If I recall correctly, in my configuration I was doing ACLs to deny connections between the VPN network and some VLANs (to do so I had to add an IP Group which covered the VPN's IP pool).
Also, I do remember that in the VPN's configuration I switched from Network Interfaces to IP ranges:
This worked better with permitting/denying traffic.
I'm not an expert; that was more like a testing result on my side, some hit-or-miss reconfiguration, but if you need some support in your local language I can try to help.
Cheers
For example, IP 192.168.20.81 is the address of one of the IP cameras. From the OpenVPN tunnel I can "see" this camera. The other cameras in this VLAN and every client in the "Default" VLAN are visible.
Now I can't see Wi-Fi devices, because I turned on the guest network option, so devices can't see each other.
I can ping the network 192.168.160.0/24 in both directions, to VLAN 1. (I can't test ping from VLAN 20 because there are only cameras there.)
I need to set up my OpenVPN tunnel so that it may connect only with IPs in VLAN 1 for the moment. I mean one direction only: from 192.168.160.0/24 => 192.168.100.0/22.
Hi @Wyciu
Thanks for posting in our business forum.
You selected the local network as default, so it allows the 192.168.160.0/24 to access the 192.168.100.0/22. That's expected.
You mean you have communication between 192.168.160.0/24 and 192.168.20.0/24?
Yes. This is the problem.
I'm using Ubuntu as the OS for the Omada Controller Software.
PS: RaRu's solution doesn't work.
Hi @Wyciu
Thanks for posting in our business forum.
Something that I tried in the past: create a VLAN interface which uses the same subnet as you have for the OVPN.
Then go to ACL and create the ACL as you want. Will that work? I cannot recall this kind of setup, but I remember it somehow worked for others.
Give it a try?
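The thread's two suggestions (RaRu's deny ACL sourced from an IP Group that covers the VPN pool, and Clive_A's VLAN interface on the OVPN subnet followed by an ACL) share one point: the "visible network" choice in the OpenVPN server only decides which routes the client gets, while isolation has to come from a gateway ACL that actually matches the VPN pool as a source. The model below is an added example written for this thread, not code from Omada or from any poster; it assumes first-match, default-permit ACL semantics and uses the subnets quoted in the posts.

```python
from ipaddress import ip_address, ip_network

# Subnets taken from the thread: VLAN 1 "Default", VLAN 20 "Kamery", OpenVPN client pool.
DEFAULT_LAN = ip_network("192.168.100.0/22")
KAMERY = ip_network("192.168.20.0/24")
VPN_POOL = ip_network("192.168.160.0/24")


def gateway_permits(acl, src, dst):
    """Evaluate an ordered gateway ACL of (action, src_net, dst_net) entries.
    First matching entry wins; an unmatched flow is permitted (assumed default)."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action == "permit"
    return True


def group_covers_pool(ip_group, pool=VPN_POOL):
    """True only if every address the OpenVPN server can hand out lies inside the IP Group."""
    return any(pool.subnet_of(net) for net in ip_group)


# 1) The inter-VLAN ACLs the OP already has: keyed on LAN subnets only.
INTER_VLAN_ACL = [
    ("deny", DEFAULT_LAN, KAMERY),
    ("deny", KAMERY, DEFAULT_LAN),
]

# 2) RaRu's approach: an IP Group covering the VPN pool as the source of a deny rule,
#    placed in front of the existing rules so VPN clients reach VLAN 1 only.
VPN_GROUP = [VPN_POOL]
VPN_ACL = [("deny", net, KAMERY) for net in VPN_GROUP] + INTER_VLAN_ACL


def demo():
    vpn_client, camera, lan_host = "192.168.160.10", "192.168.20.81", "192.168.100.5"
    return {
        # a 192.168.160.x source matches no LAN-keyed rule, so the camera is forwarded
        "camera_with_lan_acl": gateway_permits(INTER_VLAN_ACL, vpn_client, camera),
        # the pool-keyed deny blocks the camera but keeps VLAN 1 reachable
        "camera_with_vpn_acl": gateway_permits(VPN_ACL, vpn_client, camera),
        "lan_with_vpn_acl": gateway_permits(VPN_ACL, vpn_client, lan_host),
        # an IP Group narrower than the pool leaves part of the pool unfiltered
        "half_group_covers_pool": group_covers_pool([ip_network("192.168.160.0/25")]),
    }
```

The coverage check is the part worth running against a real config: an IP Group that misses part of the OpenVPN pool silently leaves those client addresses outside the deny rule.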
It seems that even this tip doesn't work.
Is it at all possible to set up Omada like this example?
It will really help me in work.