Isolate client OpenVPN

  • Hi guys, I am new to pfSense and OpenVPN, and I have just started working in an office that uses OpenVPN and pfSense. At the moment I am wondering how I can make a client only able to RDP to a particular machine over VPN and isolate them so they cannot access any other LAN devices, e.g. shares/git. Someone mentioned Client Specific Overrides to me, but I am not aware of how to do it. The issue is that not all clients should be restricted, only particular ones, so at the moment a rule to drop anything except the RDP port over VPN won't work in this scenario.

  • LAYER 8 Rebel Alliance

    You can set this up easily with CSO and Firewall Rules.
    VPN -> OpenVPN -> Client Specific Overrides:
    Pick your Server, in Common Name put the Cert name of your Client. In IPv4 Tunnel Network put in the fixed IP you want to give to this user.
    For example, if you have a Tunnel network and want this User to have you put in
    Leave all the other stuff blank and hit Save.

    In Firewall -> Rules navigate to the OpenVPN Group tab. Add a new Rule:
    IPv4 TCP Source Destination Server IP Port MS RDP 3389
    Save and that's it. Maybe you need to Reset your States before testing.
    If you have Rules like Any-Any in your OpenVPN Group tab make sure to put the new Rule on top of that.
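
The rule ordering described in the reply above can be checked offline with a small model of top-down, first-match rule evaluation, which is how pfSense processes the rules on an interface or group tab. This is an added example, not part of the original posts or pfSense's own code: every address is constructed, and the block rule placed between the RDP pass rule and the any-any rule is an assumption added here to show what stops the restricted client's remaining traffic.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                 # "pass" or "block"
    src: str                    # source network, CIDR
    dst: str                    # destination network, CIDR
    port: Optional[int] = None  # TCP destination port, None = any

def evaluate(rules, src, dst, port):
    """Return the action of the first matching rule; no match = default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "block"

# Constructed sample addresses (none of these come from the thread).
CLIENT = "10.0.8.50"       # fixed tunnel IP handed out by the CSO
OTHER = "10.0.8.6"         # an unrestricted VPN client
RDP_HOST = "192.168.1.10"  # the one machine the client may reach
FILE_SRV = "192.168.1.20"  # a LAN share the client must not reach
ANY = "0.0.0.0/0"

allow_rdp = Rule("pass", CLIENT + "/32", RDP_HOST + "/32", 3389)
block_rest = Rule("block", CLIENT + "/32", ANY)  # assumption, see lead-in
any_any = Rule("pass", ANY, ANY)

PASS_ONLY = [allow_rdp, any_any]             # RDP pass rule above any-any
ISOLATED = [allow_rdp, block_rest, any_any]  # block rule added in between

def audit(rules):
    """Probe a rule list with the flows that matter for client isolation."""
    probes = {
        "client->rdp": (CLIENT, RDP_HOST, 3389),
        "client->smb": (CLIENT, FILE_SRV, 445),
        "client->rdp_host_ssh": (CLIENT, RDP_HOST, 22),
        "other->smb": (OTHER, FILE_SRV, 445),
    }
    return {name: evaluate(rules, *flow) for name, flow in probes.items()}

if __name__ == "__main__":
    for label, rules in (("pass + any-any", PASS_ONLY), ("with block", ISOLATED)):
        print(label, audit(rules))
```

In this model the restricted client's non-RDP flows fall through to the any-any rule unless a block rule for its fixed IP sits above it, while the other client is unaffected in both rule lists.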


  • @rico Thanks !
