Restricting VPN user to accessing only a single IP



  • I am new to firewalls and pfSense and I am wondering if it is possible to restrict a VPN user to only accessing a single IP address on the network. So they would only be able to access one computer instead of the whole network.
    If so, then how?



  • Of course this is possible. pfSense is a firewall, that's its primary job.

    How to do it depends on whether you want to restrict access for a particular user or for all VPN users.
    If all users should be restricted, modify the default allow any to any rule on the OpenVPN interface (assuming you have used the wizard for setup), change the destination to "single host or alias" and enter the host you want to permit the VPN users to access.

    If you want to restrict only certain users, you first have to configure client specific overrides to assign static IPs to these users and then use these IPs as source in the firewall rules.
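
Added example, not part of the original thread: a small Python model of the per-user rule set from the answer above, useful for checking rule order before entering the rules in the GUI. It relies on pfSense evaluating interface rules top to bottom with the first match winning; the addresses and the names `evaluate` and `shadowed_rules` are constructed for illustration.

```python
import ipaddress

# Constructed sample addresses (assumptions, not from the original thread).
RESTRICTED_CLIENT = "10.0.8.10"  # static tunnel IP set by a client specific override
ALLOWED_HOST = "192.168.1.50"    # the one computer this user may reach

# Rules for the OpenVPN tab, top to bottom: (action, source, destination).
RULES = [
    ("pass",  RESTRICTED_CLIENT + "/32", ALLOWED_HOST + "/32"),
    ("block", RESTRICTED_CLIENT + "/32", "0.0.0.0/0"),
    ("pass",  "10.0.8.0/24",             "0.0.0.0/0"),  # all other VPN users
]

# Same rules with the general allow rule left at the top (the mistake to catch).
MISORDERED = [RULES[2], RULES[0], RULES[1]]


def evaluate(rules, src, dst):
    """Return the action of the first rule matching src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "block"  # traffic matching no rule is denied


def shadowed_rules(rules):
    """Indexes of rules that can never match because an earlier rule covers them."""
    hidden = []
    for i, (_, src, dst) in enumerate(rules):
        s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        for _, e_src, e_dst in rules[:i]:
            if s.subnet_of(ipaddress.ip_network(e_src)) and d.subnet_of(ipaddress.ip_network(e_dst)):
                hidden.append(i)
                break
    return hidden


if __name__ == "__main__":
    for name, rules in (("correct order", RULES), ("misordered", MISORDERED)):
        verdict = evaluate(rules, RESTRICTED_CLIENT, "192.168.1.20")
        print(f"{name}: restricted client -> other LAN host = {verdict}, "
              f"shadowed rules = {shadowed_rules(rules)}")
```

The restricted user's pass and block rules must sit above the general allow rule; if the client does not receive its static IP from the override, it matches only the general rule and is not restricted.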