Restrict OVPN client Access to Single PC



  • How can I restrict an OVPN client on my network? My server mode is Remote Access (SSL/TLS + User Auth).

    Following is my scenario

    1. I have one software developer who needs to access our server from another location through OpenVPN.
    2. I need to restrict him to accessing only one particular machine in my entire network.

    Please provide a valuable solution.

    Regards
    Sreyas



  • Since pfSense denies access by default, you should only have to create a pass rule in the firewall rules for OpenVPN.
    First, create a rule that allows it access to this specific machine.
    Secondly, and this depends on whether you have an allow-all rule at the bottom like me for internet access, create a rule that blocks access to the LAN.
    If you have more subnets, create a block rule for those as well.
    Make sure you place the rule that allows access to the machine on top, the block rules below, and then the allow-all at the bottom.
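
The rule order described in the answer above, as an added example that is not part of the original thread: a small Python model of top-down, first-match rule evaluation, which is how pfSense processes the rules on an interface tab. All addresses are constructed placeholders, and the model ignores protocol and state tracking.

```python
import ipaddress
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    action: str                 # "pass" or "block"
    src: str                    # source CIDR, or "any"
    dst: str                    # destination CIDR, or "any"
    port: Optional[int] = None  # destination port; None matches any port


def _matches(addr: str, net: str) -> bool:
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def evaluate(rules, src, dst, port):
    """Walk the rules top to bottom; the first match decides, no match is denied."""
    for rule in rules:
        if _matches(src, rule.src) and _matches(dst, rule.dst) and rule.port in (None, port):
            return rule.action
    return "block"  # default deny


# Constructed placeholder addresses, not taken from the thread.
DEV = "10.8.0.10"        # static tunnel IP of the restricted client
SERVER = "192.168.1.50"  # the one machine the client may reach
LAN = "192.168.1.0/24"

ALLOW_SERVER = Rule("pass", DEV + "/32", SERVER + "/32")
BLOCK_LAN = Rule("block", DEV + "/32", LAN)
ALLOW_ALL = Rule("pass", "any", "any")

RECOMMENDED = [ALLOW_SERVER, BLOCK_LAN, ALLOW_ALL]   # order given in the answer
BLOCK_ON_TOP = [BLOCK_LAN, ALLOW_SERVER, ALLOW_ALL]  # same rules, block moved up


def verdicts(rules):
    """Verdicts for the client reaching the server, another LAN host, the internet."""
    return {
        "server": evaluate(rules, DEV, SERVER, 22),
        "other_lan_host": evaluate(rules, DEV, "192.168.1.77", 445),
        "internet": evaluate(rules, DEV, "203.0.113.5", 443),
    }


if __name__ == "__main__":
    print("recommended :", verdicts(RECOMMENDED))
    print("block on top:", verdicts(BLOCK_ON_TOP))
```

With the block rule moved above the allow rule, the same three rules cut the client off from the server as well, because the LAN block matches first.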



  • Could you be more specific?

    Following is my scenario

    1. I had assigned a static IP for those VPN users via CSO.
    2. I had created a firewall rule Deny ALL for this client on the OVPN interface.
    3. Just below, I had Allow SSH (22) with this client as source and my internal server IP as destination.

    From your solution what I understand is

    1. I need to create a rule to allow my server IP.
    2. I had created a firewall rule Deny ALL for this client on the OVPN interface.
    3. Just below, I had Allow SSH (22) with this client as source and my internal server IP as destination.

    Am I right?



  • Can someone help? :'(