How to narrow access for an OpenVPN user
-
Hi,
I need to give access to a specific client to a specific application on a specific server.
The only way it works is to use a vpn, in our case openvpn.
But the way we organised openvpn is that the client would have access to all sources of our site.
The question therefore is: how can I narrow down the access the client has to just that server and application?
Should I make a rule to his specific wan ip?
Or should I make a rule to his openvpn ip?
And what would a rule look like and where to make it: LAN side or WAN side?
Love to hear from someone, regards, Fons
-
Is it a premium?
-
@Fons said in How to narrow access for an OpenVPN user:
need to give access to a specific client to a specific application on a specific server.
The only way it works is to use a vpn, in our case openvpn.
But the way we organised openvpn is that the client would have access to all sources of our site.
The question therefore is: how can I narrow down the access the client has to just that server and application?
Should I make a rule to his specific wan ip?
Or should I make a rule to his openvpn ip?
And what would a rule look like and where to make it: LAN side or WAN side?
Love to hear from someone, regards, Fons

Give the client a specific IP address and then create firewall rules: an explicit allow to the host they need access to, then an explicit deny to anything else from their IP address.
Make sure the two rules are above the allow-any rule for the normal OpenVPN clients.
-
Added to what @NogBadTheBad said :
Start up a new OpenVPN server on - example - port 1195.
Assign this user - his credentials - to this VPN.
Assign the OpenVPN interface of this instance to an Interface.
Now you can use this firewall for this interface to fine-grain the access on IP "destination".

When a user comes in using a VPN, he can access - typically - your LAN(s). But all devices on these LANs have their own access codes.
The server your user should access has its own user privileges set up, right?

Btw: put your server on a DMZ ....
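
The rule ordering suggested in the replies above, as an added example that is not part of the thread: a small first-match rule evaluator, assuming a firewall that applies the first matching rule on the OpenVPN interface. All addresses, the port and the function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    src: str               # source network (CIDR)
    dst: str               # destination network (CIDR)
    port: Optional[int]    # None means any port

# Constructed values (assumptions, not taken from the thread)
CLIENT = "10.8.0.50/32"       # static tunnel IP given to the restricted client
VPN_NET = "10.8.0.0/24"       # tunnel network shared by all OpenVPN clients
SERVER = "192.168.1.20/32"    # the one host the client may reach
APP_PORT = 443                # the one application on that host
ANY = "0.0.0.0/0"

ALLOW_APP = Rule("allow", CLIENT, SERVER, APP_PORT)
DENY_REST = Rule("deny", CLIENT, ANY, None)
ALLOW_VPN = Rule("allow", VPN_NET, ANY, None)

CORRECT_ORDER = [ALLOW_APP, DENY_REST, ALLOW_VPN]   # specific rules on top
WRONG_ORDER = [ALLOW_VPN, ALLOW_APP, DENY_REST]     # general allow on top

def evaluate(rules, src, dst, port):
    """Return the action of the first matching rule; default deny."""
    for r in rules:
        if (ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "deny"

def audit(rules):
    """Probe what the restricted client and a normal VPN user can reach."""
    probes = {
        "client -> app": ("10.8.0.50", "192.168.1.20", 443),
        "client -> app host ssh": ("10.8.0.50", "192.168.1.20", 22),
        "client -> other host": ("10.8.0.50", "192.168.1.30", 445),
        "other user -> other host": ("10.8.0.7", "192.168.1.30", 445),
    }
    return {name: evaluate(rules, *p) for name, p in probes.items()}

if __name__ == "__main__":
    for label, rules in (("correct", CORRECT_ORDER), ("wrong", WRONG_ORDER)):
        print(label, audit(rules))
```

With the general allow on top, the client's deny rule is never reached and every probe is allowed, which is why the two client rules must sit above it.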