Joined: 18 Mar 2014 Posts: 7758 Location: Netherlands
Posted: Wed May 05, 2021 12:59 Post subject:
Maybe not, but you should get rid of the firewall rules and probably all the extra rules; you only need the rule to NAT OpenVPN traffic out if your OpenVPN clients want internet, as described in paragraph 8a (and of course disable the "Inbound Firewall on TUN").
You should probably also get rid of the extras in the Additional Config.
For access to clients on the LAN, disable "CVE-2019-14899 Mitigation" and, if necessary, allow VPN traffic in the LAN clients' firewall.
The picture on page 9 should give you a good overview.
Make its Local IP address 192.168.2.1 or some such that is not the same as your main.
EDIT: leave its gateway and DNS all blank (zeros) ....end EDIT
You will need to reboot it so all is good and whatever is connected to it will be good.
You can of course set this unit up as a WAP with WAN assigned to switch and still run an OVPN server on it iffin you want.
I have a couple set that way so all my main stuff is on same subnet. You have to do a bit of research
egc likely has a guide about that also....I ain't looked at his stuff...since I've had all mine running long before he got so active
It's my dinner time so gotta run
Last edited by mrjcd on Thu May 06, 2021 0:09; edited 1 time in total