4. how to narrow access for a openvpn user

how to narrow access for a openvpn user

  • F

    Hi,

    I need to give acces to a specific client to a specific application on a specific server.
    The only way it works is to use a vpn, in our case openvpn.
    But the way we organised openvpn is that the client would have access to all sources of our site.
    The question therefore is: how can I narrow down the access the client has to just that server and application?
    Should I make a rule to his specific wan ip?
    Or should I make a rule to his openvpn ip?
    And how would a rule look like and were to make: lan side or wan side?
    Love to hear form someone, regards, Fons

    0
  • Banned

    Is it a premium?

    0
  • N
    Galactic Empire

    @Fons said in how to narrow access for a openvpn user:

    need to give acces to a specific client to a specific application on a specific server.
    The only way it works is to use a vpn, in our case openvpn.
    But the way we organised openvpn is that the client would have access to all sources of our site.
    The question therefore is: how can I narrow down the access the client has to just that server and application?
    Should I make a rule to his specific wan ip?
    Or should I make a rule to his openvpn ip?
    And how would a rule look like and were to make: lan side or wan side?
    Love to hear form someone, regards, Fons

    Give the client a specific IP address and then create firewall rules, an explicit allow to the host they need access to then a explicit deny to anything else from their IP address.

    Make sure the two rules are above the allow any normal OpenVPN clients.

    0

  • Added to what @NogBadTheBad said :

    Start up a new OpenVPN server on - example - port 1195.
    Assign this user - his credentials - to this VPN.
    Assign the OpenVPN interface of this instance to an Interface.
    Now you can use this firewall for this interface to fine-grain the access on IP "destination".

    When a user comes in using a VPN, he can access - typically - your LAN(s). But all devices on these LANs have their own access codes.
    The server your user should access has it's own user privileges set up, right ?

    Btw : put your server on a DMZ ....

    0
openvpn 44 rules 11
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy