I’m using an AR300M with OpenVPN to connect to a remote network. The wireless access point is of course secured, so only those with the WPA2 password can access it, and hence the VPN connection. However, I’m not always physically present with the router, meaning that if someone physically plugged into the ethernet port on the device they could access the remote network via the VPN without any authentication at all.
Is it possible to isolate the ethernet ports on the router so that (1) I can still access the set-up UI for the router if necessary but (2) it’s not possible to access the VPN by directly plugging in?
Can I check which lan the OpenVPN network is bound to?
If I want to keep the wifi able to access OpenVPN, does that interface need to stay assigned to the existing lan network?
Then I would create a second lan (called, say, lan2), and assign the physical ethernet port to that and make any changes to the routing table to allow lan2 to access the UI? If I’ve understood correctly, you’re saying that lan2 would not be able to access the OpenVPN network.
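
One way to check which zones can reach the VPN once a separate lan2 exists, as an added example that is not part of the original posts. It assumes the firmware keeps OpenWrt-style firewall zones in UCI syntax; the zone name `vpn`, the device `tun0` and the sample config are constructed for illustration.

```shell
# Audit an OpenWrt-style firewall config (UCI syntax) for zones that may
# forward into the VPN zone. All names and the sample are constructed.
sample_firewall() {
cat <<'EOF'
config zone
	option name 'lan'
	option network 'lan'
	option input 'ACCEPT'

config zone
	option name 'lan2'
	option network 'lan2'
	option input 'ACCEPT'

config zone
	option name 'vpn'
	option device 'tun0'
	option input 'REJECT'

config forwarding
	option src 'lan'
	option dest 'vpn'

config forwarding
	option src 'lan'
	option dest 'wan'
EOF
}

# Print the source zone of every 'forwarding' section whose dest is $1.
# Reads the config on stdin. Only forwarding sections are inspected;
# individual 'rule' sections with an ACCEPT target are not.
zones_forwarding_to() {
    awk -v dest="$1" '
        function emit() { if (fwd && d == dest && s != "") print s }
        function name(v) { gsub(/[^A-Za-z0-9_]/, "", v); return v }
        $1 == "config" { emit(); fwd = ($2 == "forwarding"); s = d = ""; next }
        fwd && $1 == "option" && $2 == "src"  { s = name($3) }
        fwd && $1 == "option" && $2 == "dest" { d = name($3) }
        END { emit() }
    '
}

# Succeeds only if zone $1 has no forwarding section into VPN zone $2.
zone_isolated_from() {
    ! zones_forwarding_to "$2" | grep -qx "$1"
}
```

On a router the same functions can read the live file, for example `zone_isolated_from lan2 vpn < /etc/config/firewall`, with the zone names replaced by the ones the firmware actually uses.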