User Tools

Site Tools


edgerouter:openvpn-roadwarrior

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
edgerouter:openvpn-roadwarrior [2017/09/18 15:38] – [EdgeRouter Configuration] brielleedgerouter:openvpn-roadwarrior [2017/09/18 15:46] (current) brielle
Line 15: Line 15:
 On the EdgeRouter, make changes where appropriate.  Subnet 192.168.0.0/24 should be whatever your LAN subnet behind the EdgeRouter is.  If your subnet is one of the common ones that is by default (like 192.168.0.0/24), there's a good chance your clients may have issues if their LAN also matches yours. On the EdgeRouter, make changes where appropriate.  Subnet 192.168.0.0/24 should be whatever your LAN subnet behind the EdgeRouter is.  If your subnet is one of the common ones that is by default (like 192.168.0.0/24), there's a good chance your clients may have issues if their LAN also matches yours.
  
-You can use NETMAP rules to avoid having to change your LAN addressing scheme.+You can use NAT rules to avoid having to change your LAN addressing scheme.
  
 <code>set interfaces openvpn vtun0 firewall in name OpenVPN-Mobile <code>set interfaces openvpn vtun0 firewall in name OpenVPN-Mobile
Line 61: Line 61:
 pem key file contents here pem key file contents here
 </key> </key>
 +</code>
 +
 +===== NAT Rules To Work Around Same Subnets On Both Ends =====
 +If you have a subnet on your LAN side that is one of the common default ones on most consumer networks (like 192.168.0.0/24), you'll need to use NAT rules to setup a NETMAP to work around conflicts.
 +
 +Example:
 +<code>Server LAN: 192.168.0.0/24
 +Client Range: 10.10.10.0/24
 +NETMAP Range: 172.30.254.0/24
 +</code>
 +
 +The NETMAP range is the IP range that will be directly mapped to your LAN range and the range your clients will use to connect to devices on your LAN (aka, if your clients need to access 192.168.0.5, they will use 172.30.254.5 instead).
 +
 +<code>
 +set service nat rule 1000 description OpenVPN-Mobile-vtun0
 +set service nat rule 1000 destination address 172.30.254.0/24
 +set service nat rule 1000 inbound-interface vtun0
 +set service nat rule 1000 inside-address address 192.168.0.0/24
 +set service nat rule 1000 log disable
 +set service nat rule 1000 protocol all
 +set service nat rule 1000 type destination
 </code> </code>