OpenVPN Server for LAN Access only (no internet forwarding)

_OpenVPN Server for LAN Access only.md

How to setup an OpenVPN server for LAN Access only

Install OpenVPN

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

Edit server.conf

/etc/openvpn/server/server.conf

Change the OpenVPN LAN address to prevent interfering with other OpenVPN connections server 10.8.0.0 255.255.255.0 to server 10.5.0.0 255.255.255.0

Comment out the following so Internet traffic is not routed through

#push "redirect-gateway def1 bypass-dhcp"
#push "dhcp-option DNS 1.1.1.1"
#push "dhcp-option DNS 1.0.0.1"

Add the following so VPN Clients get LAN route

# 10.13.37.254 is OpenVPN server's LAN IP
push "route 10.13.37.254 255.255.255.0"
push "route 10.13.37.0 255.255.255.0"

Edit client.conf

Comment out the following from client.conf and /etc/openvpn/server/client-common.txt

#ignore-unknown-option block-outside-dns
#block-outside-dns

Add LAN Routes

Add route to DDWRT/Routing.asp so LAN clients can respond

Destination LAN NET 10.5.0.0
Subnet Mask 255.255.0.0
Gateway 10.13.37.254

Add route to VM pfsense/system_routes.php

Destination network
10.5.0.0 / 32
Gateway
10.13.37.1

client-common.txt

client
dev tun
proto tcp
remote X.X.X.X 1337
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
verb 3

server.conf

local 10.13.37.254
port 1337
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.5.0.0 255.255.255.0
#push "redirect-gateway def1 bypass-dhcp"
push "route 10.13.37.254 255.255.255.0"
push "route 10.13.37.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
#push "dhcp-option DNS 1.1.1.1"
#push "dhcp-option DNS 1.0.0.1"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
client-to-client
persist-key
persist-tun
verb 3
crl-verify crl.pem