Jacobbe73, posted September 5, 2023 (edited):

Hello to all, as I wrote, I need to create a VPN server service to connect clients to my Unraid server only to use my internet connection but not my internal LAN. I tried to find in the "Apps" section a sort of OpenVPN Server to install in a dedicated Docker, but from what I understood this app was removed. Everybody is using WireGuard, which is included in the Unraid OS. Can I also use WireGuard for my purpose?

In detail, I need to let my clients connect to my server only to use my internet connection, just to give them the possibility to browse the internet using my public IP address and nothing else (it should not be possible to browse my internal network).

Hope my description is quite clear; in any case, any suggestions are more than welcome! Many thanks in advance!

Jacobbe73

Mainfrezzer, posted September 5, 2023:

You can indeed do that with WireGuard. It needs manual configuration of the WireGuard server with iptables to drop packets with your local network as destination.

itimpi, posted September 5, 2023:

It is quite easy to make sure they can only get to your server, or specific IP addresses inside your LAN. What you do not mention is what control you want to have over what on your server can be accessed. For example, the simplest solution might allow access to the Unraid GUI - would you be happy with that?

Mainfrezzer, posted September 5, 2023:

43 minutes ago, itimpi said:
> It is quite easy to make sure they can only get to your server, or specific IP addresses inside your LAN.

That's the total opposite^^ What's sought is Internet only - no LAN access.

itimpi, posted September 5, 2023:

3 hours ago, Mainfrezzer said:
> That's the total opposite^^ What's sought is Internet only - no LAN access.

I do not understand - are you saying that you want users on your local LAN to access the internet? As I said, it is easy to restrict incoming connections FROM the internet to what you want them to access.

Mainfrezzer, posted September 5, 2023 (edited):

6 minutes ago, itimpi said:
> I do not understand - are you saying that you want users on your local LAN to access the internet? As I said, it is easy to restrict incoming connections FROM the internet to what you want them to access.

Na, not me, the OP. OP wants to provide a VPN connection for someone outside their LAN to use their server as an exit node but does not want the clients to be able to access the LAN network the WireGuard server is running on.

itimpi, posted September 5, 2023:

1 minute ago, Mainfrezzer said:
> Na, not me, the OP. OP wants to provide a VPN connection for someone outside their LAN to use their server as an exit node but does not want the clients to access their LAN network.

As I said, it is easy to restrict incoming connections to whatever you want. There was no mention of what services those users should be able to access, as restricting those may have implications.

Mainfrezzer, posted September 5, 2023:

7 minutes ago, itimpi said:
> As I said, it is easy to restrict incoming connections to whatever you want. There was no mention of what services those users should be able to access, as restricting those may have implications.

Still not on it. The client that connects to the Unraid WireGuard server shall have access to the whole of the internet, wherever they are in the world. Everything, except for the network the WireGuard server is running on, i.e. bogus networks. Practically be a Tor exit node without the ability to reach the local network of the node.

There's a guide for that, but I'm not sure how well that translates to the Unraid WireGuard variant:
https://gist.github.com/qdm12/4e0e4f9d1a34db9cf63ebb0997827d0d

Jacobbe73 (author), posted September 5, 2023:

First of all, many thanks to everybody for your quick replies! I know my request could be a little strange.... I installed an Unraid server in my home and I am very happy with it. I have some internal devices that are connected to my Unraid server through the internal LAN (192.168...) and all works well. The Unraid server and all my internal devices use the internet through my domestic router, and on the internet they use a public (and dynamic) IP address.

What I need to do is connect one external device (coming from the internet) to my Unraid server (using a VPN connection and port forwarding rules) to exit again to the internet using my public IP address. To do this, I also need to prevent this external device from browsing my internal network and seeing my shares and connected devices.
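
The iptables approach suggested in the thread (drop tunnel traffic destined for the local network, pass everything else to the internet), sketched as an added example; it is not from any poster, the linked guide, or Unraid's own WireGuard setup. The interface names wg0 and br0, the tunnel subnet 10.253.0.0/24, the chain name WG_NOLAN and the list of private ranges are assumptions. The function only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules for an "internet only"
# WireGuard peer. All names and subnets used here are assumptions.
# usage: wg_internet_only_rules WG_IF TUNNEL_NET WAN_IF PROTECTED_NET...
wg_internet_only_rules() {
    [ "$#" -ge 4 ] || return 2
    wg_if=$1 tunnel_net=$2 wan_if=$3
    shift 3

    # Accept only plain interface names and IPv4 CIDRs, so the generated
    # commands cannot carry shell metacharacters.
    case "$wg_if$wan_if" in *[!A-Za-z0-9_.-]*) return 2 ;; esac
    for net in "$tunnel_net" "$@"; do
        case "$net" in ''|*[!0-9./]*) return 2 ;; esac
    done

    # Dedicated chain: drop tunnel traffic routed towards protected networks.
    echo "iptables -N WG_NOLAN"
    for net in "$@"; do
        echo "iptables -A WG_NOLAN -d $net -j DROP"
    done
    echo "iptables -A WG_NOLAN -j RETURN"
    # Jump from the top of FORWARD so an earlier ACCEPT cannot bypass the drops.
    echo "iptables -I FORWARD 1 -i $wg_if -j WG_NOLAN"

    # Traffic addressed to the server itself (web GUI, shares) goes through
    # INPUT, not FORWARD. The encrypted WireGuard UDP packets arrive on the
    # physical interface, so the tunnel itself keeps working.
    echo "iptables -I INPUT 1 -i $wg_if -j DROP"

    # Source-NAT the peers so they leave with the server's public address.
    echo "iptables -t nat -A POSTROUTING -s $tunnel_net -o $wan_if -j MASQUERADE"
}

# Constructed sample call: protect the RFC 1918 and link-local ranges.
wg_internet_only_rules wg0 10.253.0.0/24 br0 \
    10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16
```

Because the INPUT rule also blocks the server's own services from the tunnel, peers need a public DNS resolver in their client configuration. If the tunnel carries IPv6, the equivalent rules are needed in ip6tables.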