VPN connect to specific VLAN
Hello,
I am using a FWG in my commercial property with a Netgear switch and APs. I have set up 4 separate VLANs through the FWG and similarly on the Netgear equipment. I want to provide individual VPN connections from a specific VPN client (WireGuard and OpenVPN) to only connect to specific VLANs, e.g. WireGuard to VLAN 10 and OpenVPN to VLAN 20.
I currently have no rules on my VPN networks and they can only connect to the main LAN 1 and I can only ping the Netgear equipment.
I tried to set an allow rule for the WireGuard and VLAN 10, but I was still not able to ping the devices on VLAN 10.
What am I doing wrong/need to do differently?
-
Are you routing all traffic through your VPN connection? Make sure you do not have any block rules for the VLAN you want to access. I can access multiple VLANs from my VPN phone. I just had to add allow rules for that VPN profile to access said VLAN (I have block rules for each VLAN to not allow talking back and forth between each network).
-
I do not have any block rules on the WireGuard VPN, and it can only ping devices on the management LAN (Firewalla and network equipment). I have blocking rules between all VLANs so they cannot see each other, but no rules on the WireGuard. I even added an allow rule with bidirectional to the VLAN, and it still didn't see any devices. Any suggestions on this? What am I missing?
I just set up OpenVPN and it could see all VLANs. Seems to be an issue with WireGuard. I will have to give my client the OpenVPN config. I applied blocking rules so OpenVPN can only connect to their VLAN. The bad part is I can only give one client VPN access through the OpenVPN config.
-
Here is an example of mine.
I have a VLAN for IoT (192.168.90.0/24). Under that network I am blocking all traffic to and from WireGuard.
I have one VPN profile (my iPhone) that I want to access specific IP addresses on the IoT network. I have a rule for the VPN device (iPhone) that says to ALLOW traffic TO 192.168.90.12, outbound only (not bidirectional). This allows my iPhone, while on VPN, to access that specific device on the IoT VLAN. I only allow outbound so that my phone can talk to it, but it cannot access my phone directly.
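As an added illustration (not code from this thread or from Firewalla), a small Python model of the rule set described in the comment above, showing why the outbound-only allow lets the phone reach 192.168.90.12 while nothing on the IoT VLAN can initiate a connection back. The WireGuard subnet 10.8.0.0/24 and the phone's VPN address 10.8.0.2 are assumed values; allow rules are modelled as overriding block rules, which is what this setup relies on.

```python
import ipaddress
from dataclasses import dataclass

# Constructed model of the rules in the comment above, not Firewalla's engine.
VPN_NET = "10.8.0.0/24"        # assumed WireGuard client subnet
VPN_PHONE = "10.8.0.2"         # assumed VPN address of the iPhone profile
IOT_NET = "192.168.90.0/24"    # IoT VLAN from the comment
IOT_TARGET = "192.168.90.12"   # the one IoT device the phone may reach


@dataclass
class Rule:
    action: str      # "allow" or "block"
    src: str         # host or CIDR the rule is attached to
    dst: str         # host or CIDR the rule points at
    direction: str   # "outbound" (src initiates) or "bidirectional"


def _in(addr, spec):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def rule_matches(rule, initiator, responder):
    # An outbound rule only covers connections started by src toward dst.
    if _in(initiator, rule.src) and _in(responder, rule.dst):
        return True
    # A bidirectional rule also covers connections started by dst toward src.
    if rule.direction == "bidirectional":
        return _in(initiator, rule.dst) and _in(responder, rule.src)
    return False


def is_permitted(rules, initiator, responder):
    # Allow rules are evaluated before block rules; unmatched traffic passes.
    for action in ("allow", "block"):
        for rule in rules:
            if rule.action == action and rule_matches(rule, initiator, responder):
                return action == "allow"
    return True


RULES = [
    # On the IoT VLAN: block all traffic to and from the WireGuard network.
    Rule("block", IOT_NET, VPN_NET, "bidirectional"),
    # On the iPhone VPN device: allow traffic TO 192.168.90.12, outbound only.
    Rule("allow", VPN_PHONE, IOT_TARGET, "outbound"),
]


def check_examples():
    return {
        "phone_to_target": is_permitted(RULES, VPN_PHONE, IOT_TARGET),
        "phone_to_other_iot": is_permitted(RULES, VPN_PHONE, "192.168.90.50"),
        "target_to_phone": is_permitted(RULES, IOT_TARGET, VPN_PHONE),
    }
```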