4. Isolate client OpenVPN

Isolate client OpenVPN

  • G

    Hi guys, am new to pfsence and OpenVPN so i currently started to work in an office using OpenVPN and pfsense. Atm I am wondering how can i make a client only to be able to RDP to a particular machine over VPN and to isolate em not to access any other LAN devices. Eg. shares/git. Someone mentioned me with Cleint Specific Overrides but am not aware on how to do it. The issue is that not all clients should be restricted but only particular ones, the moment with rule to drop anything except RDP port when over VPN won't work in this scenario.

    0
  • LAYER 8 Rebel Alliance

    You can set this up easy with CSO and Firewall Rules.
    VPN -> Open VPN -> Client Specific Overrides:
    Pick your Server, in Common Name put the Cert name of your Client. In IPv4 Tunnel Network put in the fixed IP you want to give to this user.
    For example, if you have a 10.11.12.0/24 Tunnel network and want this User to have 10.11.12.13 you put in 10.11.12.13/24
    Leave all the other stuff blank and hit Save.

    In Firewall -> Rules navigate to the OpenVPN Group tab. Add a new Rule
    IPv4 TCP Source 10.11.12.13/24 Destination Server IP Port MS RDP 3389
    Save and thats it. Maybe you need to Reset your States before testing.
    If you have Rules like Any-Any in your OpenVPN Group tab make sure to put the new Rule on top of that.

    -Rico

    0
    G
     1 Reply
  • G

    @rico Thanks !

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy