rkk2025
Occasional Visitor
Hi,
I have connected two LANs via OpenVPN. My RT-AC68U is acting as OpenVPN Server (TUN), and the other Router connects to it allowing me to communicate with any device from the other LAN.
On my RT-AC68U I also have a Guest network, which has no access to my intranet. But to my surprise the Guest network seems to be able to communicate with any Client that is connected to my OpenVPN Server on the Router. The routes are also working, allowing anybody from my Guest Network to access the whole LAN on the other end. A simple network scan from the Guest Network reveals all the IPs from the other LAN, which is a huge problem.
Is there any way to block the Guest Network from communicating with the OpenVPN Clients? Basically allowing the connected clients to communicate only with my personal intranet.
Is the VLAN1 interface on the Router the Guest Network? Maybe it would be possible to somehow block that interface from being able to communicate with the tunX interface by using iptables or firewall rules? (I'm not sure how that is done though). Any ideas?
P.S.: I'm on Asuswrt-Merlin 384.4_2