4. Isolate client OpenVPN

Isolate client OpenVPN

  • G

    Hi guys, am new to pfsence and OpenVPN so i currently started to work in an office using OpenVPN and pfsense. Atm I am wondering how can i make a client only to be able to RDP to a particular machine over VPN and to isolate em not to access any other LAN devices. Eg. shares/git. Someone mentioned me with Cleint Specific Overrides but am not aware on how to do it. The issue is that not all clients should be restricted but only particular ones, the moment with rule to drop anything except RDP port when over VPN won't work in this scenario.

    0
  • LAYER 8 Rebel Alliance

    You can set this up easy with CSO and Firewall Rules.
    VPN -> Open VPN -> Client Specific Overrides:
    Pick your Server, in Common Name put the Cert name of your Client. In IPv4 Tunnel Network put in the fixed IP you want to give to this user.
    For example, if you have a 10.11.12.0/24 Tunnel network and want this User to have 10.11.12.13 you put in 10.11.12.13/24
    Leave all the other stuff blank and hit Save.

    In Firewall -> Rules navigate to the OpenVPN Group tab. Add a new Rule
    IPv4 TCP Source 10.11.12.13/24 Destination Server IP Port MS RDP 3389
    Save and thats it. Maybe you need to Reset your States before testing.
    If you have Rules like Any-Any in your OpenVPN Group tab make sure to put the new Rule on top of that.

    -Rico

    0
    G
     1 Reply
  • G

    @rico Thanks !

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy