Netgate Discussion Forum
    Isolate client OpenVPN

    • Getbys

      Hi guys, I am new to pfSense and OpenVPN, and I recently started to work in an office using OpenVPN and pfSense. At the moment I am wondering how I can make a client only able to RDP to a particular machine over VPN, and isolate them so they cannot access any other LAN devices, e.g. shares/git. Someone mentioned Client Specific Overrides to me, but I am not aware of how to do it. The issue is that not all clients should be restricted, only particular ones, so at the moment a rule to drop anything except the RDP port when over VPN won't work in this scenario.

      • Rico

        You can set this up easily with CSO and firewall rules.
        VPN -> OpenVPN -> Client Specific Overrides:
        Pick your Server; in Common Name put the Cert name of your Client. In IPv4 Tunnel Network put in the fixed IP you want to give to this user.
        For example, if you have a 10.11.12.0/24 Tunnel network and want this User to have 10.11.12.13, you put in 10.11.12.13/24.
        Leave all the other stuff blank and hit Save.

        In Firewall -> Rules navigate to the OpenVPN Group tab. Add a new Rule:
        IPv4 TCP Source 10.11.12.13/24 Destination Server IP Port MS RDP 3389
        Save and that's it. Maybe you need to Reset your States before testing.
        If you have Rules like Any-Any in your OpenVPN Group tab, make sure to put the new Rule on top of that.

        -Rico

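A way to check offline what a rule set on the OpenVPN tab permits, as an added example that is not part of the original posts: a small first-match evaluator (interface-tab rules in pfSense stop at the first match, with default deny otherwise). The server and share addresses, the second client 10.11.12.20, and the `TIGHT` variant with a /32 source and an explicit block rule are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "pass" or "block"
    src: str               # source as typed in the rule: CIDR or "any"
    dst: str               # destination: CIDR or "any"
    port: Optional[int]    # destination TCP port, None = any

def net(cidr):
    # A host address with a wider mask denotes the whole network:
    # 10.11.12.13/24 covers 10.11.12.0 - 10.11.12.255.
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)

def evaluate(rules, src_ip, dst_ip, port):
    """Return the action of the first matching rule; no match means default deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if src in net(rule.src) and dst in net(rule.dst) and rule.port in (None, port):
            return rule.action
    return "block"

# Constructed sample addresses (assumptions, not from the thread).
RDP_SERVER, FILE_SHARE = "192.168.1.50", "192.168.1.60"
RESTRICTED, OTHER = "10.11.12.13", "10.11.12.20"

# RDP pass rule with a /24 source, placed above an existing any-any rule.
WIDE = [
    Rule("pass", "10.11.12.13/24", RDP_SERVER + "/32", 3389),
    Rule("pass", "any", "any", None),
]
# Variant: single-host source plus an explicit block for that host (assumption).
TIGHT = [
    Rule("pass", "10.11.12.13/32", RDP_SERVER + "/32", 3389),
    Rule("block", "10.11.12.13/32", "any", None),
    Rule("pass", "any", "any", None),
]

def matrix(rules):
    """Map (client, service) to the verdict for the four flows of interest."""
    flows = {"rdp": (RDP_SERVER, 3389), "smb": (FILE_SHARE, 445)}
    return {(c, name): evaluate(rules, c, ip, port)
            for c in (RESTRICTED, OTHER) for name, (ip, port) in flows.items()}

if __name__ == "__main__":
    for label, rules in (("wide", WIDE), ("tight", TIGHT)):
        for flow, verdict in matrix(rules).items():
            print(label, flow, verdict)
```

Comparing the two matrices shows which flows from the restricted client fall through to the any-any rule and which are stopped before it.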
          • Getbys @Rico

          @rico Thanks!
