SSL VPN lets you set the permissions each user has to access resources, which improves the management of the entire network.

According to the following network topology, create three accounts with different permissions on the SSL VPN server to meet different requirements.

Account 1: VPN Client implements proxy Internet access through VPN Server.

Account 2: VPN Client can only access VLAN 20, but cannot access VLAN 30.

Account 3: The VPN Client and the devices behind the Server can only interact through the ICMP protocol.

Step 1. When a VPN client requests a connection, the VPN server assigns it a virtual IP address from the VPN IP Pool. Go to Preferences -> VPN IP Pool and click Add. On the popup page, here we name the IP Pool SSL_VPN, set the Starting IP Address to 10.10.10.10 and the Ending IP Address to 10.10.10.100, then click OK to save the settings. You may set the values according to your network.

Step 2. Go to SSL VPN -> SSL VPN Server and check Enable. On the popup page, choose WAN/LAN4 as the Service port and choose SSL_VPN, the pool created in step 1, as the Virtual IP Pool. Set the Primary DNS to 8.8.8.8 (you can set it according to your demands), then click Save to save the settings.

Step 3. Go to SSL VPN -> Resource Management -> Tunnel Resources and click Add to create two tunnel resources. On the popup page, AllowVLAN20 uses IP addresses to limit resources; AllowICMP uses the ICMP protocol to limit resources.

Step 4. Go to SSL VPN -> Resource Management -> Resource Group and click Add to apply the two tunnel resources created in step 3 to two different resource groups.

Note: There are two default resource groups, Group_LAN and Group_ALL. Group_LAN refers to all devices behind the Server, and Group_ALL also includes resources for accessing the Internet.

Step 5. Go to SSL VPN -> User Management -> User Group and click Add to create three user groups. Apply different resource groups to the three user groups according to the different permissions of the three accounts. Please note that if you want to implement proxy Internet access for the client, select Group_ALL as the resource group.

Step 6. Go to SSL VPN -> User Management -> User and click Add to create three user accounts. Each account corresponds to a different user group, and you can set the Username and Password according to your demands. Here, we created the following three accounts based on the resource permissions of the above three accounts:

Step 7. Go to SSL VPN -> SSL VPN Server and click Export Certificate to export the configuration file. The client can connect to the server using this configuration file. Use the OpenVPN GUI on the client to import the configuration file, then enter the corresponding username and password to connect.

After a successful connection, the server assigns the VPN client an IP address of 10.10.10.11. When the client accesses 8.8.8.8, the first hop is the VPN Tunnel. Because the data is encrypted, the corresponding IP address cannot be resolved. The second hop is the default gateway of the VPN Server, and all data of the client goes through the VPN Tunnel to realize proxy Internet access. Go to SSL VPN -> Status; information about the Client connection will also be displayed here.

Account 2: VPN Client can only access VLAN 20, but cannot access VLAN 30

After a successful connection, the server assigns the VPN client an IP address of 10.10.10.12. At the same time, the management interface of the router can be accessed through 192.168.20.1.

After a successful connection, the server assigns the VPN client an IP address of 10.10.10.13.