Protected resource in VPN

I want to know how to configure or set the VPN so that I can put protected resources in VPN.

Someone has already pointed out in the Slack channel that more information is needed to answer your question.

But let’s give it a try:

You can use the “AllowedIPs” field to manage what traffic is allowed over the VPN (the protected resources). Configuring 0.0.0.0/0 as “AllowedIPs” will tell the client to route all traffic over the VPN. If you only want to route specific routes, you can remove 0.0.0.0/0 and add the networks you wish as protected sources, whether public or private. This will enable you to access resources and browse the internet as though you are in the same network as your Firezone server.

Here’s an example to make it more concrete:

Let’s say you have an office with a corporate firewall that has some IPsec VPNs to your data center. Your clients on the office network can access everything hosted via that L2L VPN. If you deploy a Firezone setup in the office network, you can put 0.0.0.0/0 in the “AllowedIPs” field to remotely access everything as if you were in the office when connected to your Firezone VPN. By default, the Firezone instance will use NAT Overload to translate everything to the IP on the host server/worker node.

Oh, and if you use Private DNS zones, don’t forget to push your custom DNS servers instead of the public (default) servers. Otherwise, you can’t resolve your private zones.
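
The check below is an added example, not part of the original answer and not Firezone's own code. It reads a WireGuard client configuration, reports whether it is full tunnel or split tunnel, and lists any DNS server that falls outside "AllowedIPs" and is therefore reached outside the tunnel. The sample config, its addresses, hostname and key placeholders are constructed, and the function names are hypothetical.

```python
import configparser
import ipaddress

# Constructed sample: placeholder keys, made-up addresses and hostname.
SPLIT_TUNNEL_CONF = """
[Interface]
PrivateKey = <client-private-key>
Address = 10.3.2.5/32
DNS = 10.20.0.53, 1.1.1.1

[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.com:51820
AllowedIPs = 10.20.0.0/16, 192.168.50.0/24
"""

def parse_client_conf(text):
    """Return (allowed_networks, dns_servers) from a WireGuard client config."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    allowed = [ipaddress.ip_network(n.strip(), strict=False)
               for n in cp["Peer"]["AllowedIPs"].split(",") if n.strip()]
    dns = []
    for entry in cp["Interface"].get("DNS", "").split(","):
        try:
            dns.append(ipaddress.ip_address(entry.strip()))
        except ValueError:
            pass  # search domains and blanks are not resolver addresses
    return allowed, dns

def goes_over_vpn(dest, allowed):
    """True if the destination falls inside any AllowedIPs network."""
    ip = ipaddress.ip_address(dest)
    return any(ip in net for net in allowed)

def audit(text):
    """Summarise tunnel mode and DNS servers reached outside the tunnel."""
    allowed, dns = parse_client_conf(text)
    return {
        "full_tunnel": any(n.version == 4 and n.prefixlen == 0 for n in allowed),
        "dns_outside_tunnel": [str(d) for d in dns
                               if not goes_over_vpn(str(d), allowed)],
    }

if __name__ == "__main__":
    print(audit(SPLIT_TUNNEL_CONF))
    print(audit(SPLIT_TUNNEL_CONF.replace("10.20.0.0/16, 192.168.50.0/24", "0.0.0.0/0")))
```

In the split-tunnel sample the private resolver 10.20.0.53 is inside "AllowedIPs" while 1.1.1.1 is not, so a client that falls back to the public resolver will not see the private zones.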