Routing from roadwarrior to Blue network

Hi,

is there any possibility of accessing the Blue Network device from the OpenVPN roadwarrior?

Locally from the green network, I can ping all of the devices in the Blue network, but not via the roadwarrior OpenVPN.

Can I simply add a custom route of Blue network in the roadwarrior setting?


Kind Regards,
Adnan

Sure there is.

This is the default behaviour of NethServer 7.

IMVHO this is a dual “layer” issue.

First, the OpenVPN client should somehow “know” how to reach the BLUE subnet (custom route), or should not know how to reach it, but all traffic is managed from the routing part of NethServer (Route all traffic through VPN). Both options are viable but might not be suitable for your case. Before taking any of these options, take note of the routing table OpenVPN is providing to the client.

Then NethServer should know if it’s allowed to let OpenVPN clients communicate with BLUE zone. And things here become a bit trickier.
Source: Firewall — NethServer 7 Final

Firewall policies allow inter-zone traffic according to this schema:

GREEN -> BLUE -> ORANGE -> RED

Traffic is allowed from left to right, blocked from right to left.
OpenVPN clients and subnets are… “another zone”.
Source: VPN — NethServer 7 Final
By default, the network traffic between VPNs is blocked by the firewall.

And there’s some reasoning behind this. Therefore, prior to allowing communication “blind” between both subnets… take some time to tinker with some rules and keep them tight.
Also remember that an OpenVPN user can be bound to a specific OpenVPN subnet address.

1 Like
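An added example, not part of the posts above: a client-side check for the first "layer" in the reply, showing which interface a Blue host would leave through given the routing table on the roadwarrior. All subnets, addresses and interface names are constructed, and "route all traffic" is assumed to show up as OpenVPN's `redirect-gateway def1` pair of /1 routes.

```python
import ipaddress

# Constructed `ip route` output from a roadwarrior client (assumed values:
# Green 192.168.10.0/24 is pushed by the server, Blue 192.168.20.0/24 is not).
BASE = """\
default via 192.168.1.1 dev wlan0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
192.168.10.0/24 via 10.8.0.1 dev tun0
"""
# Option 1 from the reply: a custom route for the Blue subnet is pushed too.
CUSTOM_ROUTE = BASE + "192.168.20.0/24 via 10.8.0.1 dev tun0\n"
# Option 2: all traffic through the VPN (assumed redirect-gateway def1 routes).
FULL_TUNNEL = BASE + ("0.0.0.0/1 via 10.8.0.1 dev tun0\n"
                      "128.0.0.0/1 via 10.8.0.1 dev tun0\n")


def parse_routes(text):
    """Return (network, device) pairs from `ip route` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields[:-1]:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # skip lines such as "unreachable ..." or "blackhole ..."
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes


def egress_device(route_text, host):
    """Longest-prefix match: device the client would use to reach host."""
    addr = ipaddress.ip_address(host)
    hits = [(net.prefixlen, dev) for net, dev in parse_routes(route_text)
            if addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None


if __name__ == "__main__":
    blue_host = "192.168.20.15"  # constructed Blue device address
    for name, table in [("default push", BASE), ("custom route", CUSTOM_ROUTE),
                        ("full tunnel", FULL_TUNNEL)]:
        print(f"{name:13} -> {egress_device(table, blue_host)}")
```

A result of `tun0` only means the packet enters the tunnel; whether it reaches Blue still depends on the firewall policy described in the reply.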