SSL VPN + VLANs - access management

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2024-03-26 09:40:50 - last edited 2024-03-28 01:22:52
Model: ER8411  
Hardware Version: V1
Firmware Version: 1.2.0

Hello,

I have a problem with SSL VPN and VLAN configuration.

I have 5 VLANs set up (10, 20, 30, 40, 50) and 2 VPN users (Root, Home).

I would like the Home user to have access only to VLAN 20, and its Internet traffic should also be tunneled.

I can't do this, because when I give it access to the Internet, it also has access to the other VLANs.

Below are screenshots of my resources config.

I tried to enter the gateway address instead of 0.0.0.0, but unfortunately there is no Internet access.

Of course, if I turn off Internet access (remove 0.0.0.0/0 from the user resource), the Home user only has access to VLAN 20.

Please advise what else I can do.

Thank You!

Accepted Solution
Re:SSL VPN + VLANs - access management-Solution
2024-03-27 09:54:10 - last edited 2024-03-28 01:22:52

  @Clive_A 

Thank you for your advice. Unfortunately, ACL rules do not work with SSL VPN (OpenVPN).
Despite this, I checked and found a solution: ACL rules work with WireGuard, so I changed my configuration to WireGuard.

Thank you.

Re:SSL VPN + VLANs - access management
2024-03-27 02:04:14 - last edited 2024-03-27 02:37:36

Hi @Dectro 

Thanks for posting in our business forum.

It conflicts and this is expected.

0.0.0.0/0 means any network. When you remove it from the destination, it can only allow you to access VLAN 20. Normal.

Setting 0.0.0.0/0 would allow its traffic to any network. Normal. Because 0.0.0.0/0 overlaps all the networks.

Try to set up the ACL and see if it would stop this SSL client.

Or specify the resource group by creating multiple rules that exclude certain networks but include all other networks. That'll be tweaking your subnets.

That would be the only way to do it AFAICS.
