Virtual private networks / VPN talking to select IP's
« on: November 26, 2020, 05:14:04 pm »
Hello Smart People!
I'm in the process of setting up a multi-VPN environment. I ultimately want my native connection running on the 192.168.0.1/24 range, my US VPN running on the 192.168.2.1/24 range and another 2 VPNs running on 192.168.3.1/24 and 192.168.4.1/24 respectively. I'll use tagged VLAN traffic (via ports and SSIDs) to direct traffic down the correct VPN.
The setup is primarily for media if you are wondering.
OK, the bit I need some help with. I have my first (US) VPN up and running great, tagged traffic goes where it needs to go and I have no leaks, so Netflix etc. all works perfectly. However, I have a Plex server running on my native range and the devices on my VPN can't see it.
I would like to identify specific IPs that can talk to devices across all the IP ranges.
For example, something sitting on my US VPN with an IP of 192.168.2.100 can speak to my Plex server on 192.168.1.10, ideally with no leaks.
My interfaces (with just the first VPN set up) look like this:

Interface     Network Port
LAN           emo
VPN_GW_USA    ovpnc3
VPN_Lan       vlan 2 on emo()
WAN           igb0

I've set up 4 firewall rules (which I think is the relevant bit) on VPN_LAN as follows:

Source            Port   Destination        Port   Gateway
VPN_LAN net       *      VPN_Lan address    *      *
VPN_LAN Address   *      VPN_LAN address    *      *
VPN_Lan net       *      *                  *      VPN_GW_VPNV4
VPN_LAN Address   *      *                  *      VPN_GW_VPNV4

Now, how the devil do I make my VPN IP range 192.168.2.* see my Plex server on 192.168.1.10?
I would also reapply this logic to my native IP cell phone range so that the cell phones can communicate with the devices, as I sometimes use them as controls, and I might think about letting the voice assistants (Google spies) also talk to the devices on the VPN.
You are all probably wondering how I managed to set this up so far and not be able to do this last bit. Well, it was trial and error and many days without internet as my gateways and interfaces died with my tinkering touch. With a bit of luck I've ended up here!
I'm just hoping one of you smart people can kick me over the finish line!
Thank you!
David
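
The rule table in the post above can be walked through in a small model. This is an added example, not part of the original post and not the firewall's own code; it assumes first-match rule evaluation, 192.168.2.1 as the VPN_LAN address, and a hypothetical single-host exception rule placed above the posted ones.

```python
import ipaddress

# Constructed values: the post gives 192.168.2.x for the VPN VLAN and
# 192.168.1.10 for Plex; 192.168.2.1 as the firewall's own VPN_LAN
# address is an assumption.
VPN_LAN_NET = "192.168.2.0/24"
VPN_LAN_ADDRESS = "192.168.2.1/32"
ANY = "0.0.0.0/0"
DEFAULT = "default"  # '*' in the Gateway column: normal routing table

# The four rules from the post, in order: (source, destination, gateway)
POSTED_RULES = [
    (VPN_LAN_NET, VPN_LAN_ADDRESS, DEFAULT),
    (VPN_LAN_ADDRESS, VPN_LAN_ADDRESS, DEFAULT),
    (VPN_LAN_NET, ANY, "VPN_GW_VPNV4"),
    (VPN_LAN_ADDRESS, ANY, "VPN_GW_VPNV4"),
]

# Hypothetical extra rule (not from the post): one client to the Plex host only
PLEX_EXCEPTION = ("192.168.2.100/32", "192.168.1.10/32", DEFAULT)


def _in(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)


def evaluate(rules, src, dst):
    """Return (rule number, gateway) of the first match, or None (no rule passes it)."""
    for n, (rule_src, rule_dst, gw) in enumerate(rules, start=1):
        if _in(src, rule_src) and _in(dst, rule_dst):
            return n, gw
    return None


def gateway_for(rules, src, dst):
    hit = evaluate(rules, src, dst)
    return hit[1] if hit else "blocked"


if __name__ == "__main__":
    fixed = [PLEX_EXCEPTION] + POSTED_RULES
    # Constructed flows: Plex from the named client, an internet host
    # (documentation range), and Plex from a different VPN_LAN client.
    flows = (("192.168.2.100", "192.168.1.10"),
             ("192.168.2.100", "203.0.113.7"),
             ("192.168.2.101", "192.168.1.10"))
    for label, rules in (("posted", POSTED_RULES), ("with exception", fixed)):
        for src, dst in flows:
            print(f"{label:15} {src} -> {dst}: {gateway_for(rules, src, dst)}")
```

With the posted rules, the Plex-bound flow falls through to rule 3 and is handed to the VPN gateway; with the narrow exception in front, only that one source/destination pair uses the normal routing table and everything else still leaves via the VPN.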