VPN client-LAN for access to all VLAN networks in my Omada network

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2022-11-21 18:53:30 - last edited 2023-08-22 12:28:35

Hi, since 2 weeks I have set up an Omada network, with an OC200 controller, a 7206 VPN gateway, and 2218 and 2008P managed switches.

So far all is working well, with a lot of reading from this forum and YouTube. I now have 4 VLANs: VLAN 1 for management, VLAN 10 for my own computers, VLAN 20 for IoT, and VLAN 30 for guests.

ACL switch rules prevent access from every VLAN into the other VLANs, and I also made some rules preventing opening the web page of the VLAN gateways.

I have the OC200 on PoE from the 2008P switch, VLAN 1.

I have an IP camera for testing on VLAN 20, on PoE from the 2008P switch.

Gateway, controller and switches have fixed IPs in VLAN 1.

DDNS is set up (running as a service on my Windows server, so not set up in the 7206).

Also, the internet optic fibre is still connected via the Genexis router provided by my ISP.

So the 7206 is connected to one of the LAN ports of the Genexis, but in a few weeks it will be connected directly to the optic fibre network. The Genexis will be taken down.

For now I also have my VPN (L2TP/IPsec) working, with some port forwardings in the Genexis.

Now the question(s):

 

I want a VPN setup, and I have to enter an IP address or range in a VLAN, I guess.

When I do so and connect via the VPN, I indeed get that IP address on my laptop, and I can see this in the controller.

Is it now possible, or necessary, to make an extra VLAN with an IP range and put the VPN in this VLAN, so I can make an ACL switch rule that from there I can get into every VLAN? This VPN VLAN (as I would call it) would not be attached to any switch ports, but would just be an existing VLAN in the gateway. And then allow an ACL switch rule that this VLAN can get into all other VLANs, if needed to download data from VLAN 10, or adjust settings in my IoT VLAN 20.

The management VLAN I can also get into via the TP-Link cloud.

 

Or should I just make a VPN setup for each VLAN? What would people with more experience than me advise?

 

Again, a lot of interesting items found on this site/forum, which helped me to set up my network as it is now quite fast.

 

Rgds,

Patrick

Re: VPN client-LAN for access to all VLAN networks in my Omada network
2022-11-23 17:45:04 - last edited 2023-08-22 12:28:24

  @Pksparks 

To whom it may concern, I followed my instinct. Made VLAN 50, with only a few IP addresses in it.

Set up the VPN for this IP range.

Made an ACL switch rule to permit access to all VLANs from the VLAN 50 IP range.

 

When connecting to the VPN, I got an IP address ending in 50.1,

and it was possible to ping all VLANs, but more importantly I could, for example, change settings on my non-TP-Link camera in VLAN 20, which was not possible via TP-Link cloud management.

I could also make network shares on my laptop to some folders on my server in VLAN 10.

 

Again, very happy with the whole of Omada so far.

I find it quite easy to set up, to check, and to expand. Centralised firmware updates are also an advantage.

 

This weekend I continue with my access point, which will have 3 SSIDs in 3 VLANs, on 2.4 GHz and 5 GHz.

 

Hope it is raining.

 

Rgds,

Patrick
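One way to sanity-check the rule ordering this reply relies on, as an added example that is not code from the thread or from TP-Link: a small first-match ACL model with the thread's VLANs, showing that the "permit from VLAN 50" rule only works if it sits above the inter-VLAN deny. The subnets, the first-match evaluation and the implicit permit at the end of the list are assumptions for the model.

```python
from ipaddress import ip_address, ip_network

# Constructed subnets for the VLANs named in the thread (the posts give no ranges).
VLANS = {
    1: ip_network("192.168.1.0/24"),    # management
    10: ip_network("192.168.10.0/24"),  # own computers / server
    20: ip_network("192.168.20.0/24"),  # IoT (camera)
    30: ip_network("192.168.30.0/24"),  # guests
    50: ip_network("192.168.50.0/29"),  # VPN client pool, only a few addresses
}

def vlan_of(ip):
    """Map an address to its VLAN id, or None if it lies outside every VLAN."""
    addr = ip_address(ip)
    return next((vid for vid, net in VLANS.items() if addr in net), None)

def matches(rule, src_vlan, dst_vlan):
    """A rule is (action, src, dst). src/dst are a VLAN id or 'any'; dst may
    also be 'other', meaning any VLAN except the source's own."""
    _, rsrc, rdst = rule
    if rsrc != "any" and rsrc != src_vlan:
        return False
    if rdst == "any":
        return True
    if rdst == "other":
        return dst_vlan != src_vlan
    return rdst == dst_vlan

def evaluate(acl, src_ip, dst_ip):
    """First matching rule wins (assumed); no match falls through to 'permit',
    so an explicit final rule is safer than relying on a device default."""
    src_vlan, dst_vlan = vlan_of(src_ip), vlan_of(dst_ip)
    for rule in acl:
        if matches(rule, src_vlan, dst_vlan):
            return rule[0]
    return "permit"

# Correct order: the VPN permit is evaluated before the inter-VLAN deny.
ACL_GOOD = [("permit", 50, "other"), ("deny", "any", "other"), ("permit", "any", "any")]
# Same rules, wrong order: the deny shadows the permit and cuts VPN clients off too.
ACL_BAD = [("deny", "any", "other"), ("permit", 50, "other"), ("permit", "any", "any")]

if __name__ == "__main__":
    vpn, cam, guest, srv = "192.168.50.1", "192.168.20.10", "192.168.30.7", "192.168.10.5"
    print("good order, vpn -> camera  :", evaluate(ACL_GOOD, vpn, cam))    # permit
    print("good order, guest -> server:", evaluate(ACL_GOOD, guest, srv))  # deny
    print("bad order,  vpn -> camera  :", evaluate(ACL_BAD, vpn, cam))     # deny
```

Traffic that stays inside one VLAN never hits the "other" deny, so it is permitted by the final rule in both orderings.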

Re: VPN client-LAN for access to all VLAN networks in my Omada network
2023-04-08 06:59:11 - last edited 2023-08-22 12:28:25

  @Pksparks 

 

In your case, it would be much easier to set up only one VPN client and configure the necessary access control rules allowing it to access all your VLANs. You might also want to consider setting up a dedicated VPN server instead of using the 7206 gateway as the VPN server. This will make configuring the access control rules much simpler since you can manage the server on a separate computer.
