Restrict one user to only one internal vlan
-
We have a client who has 5 internal vlans (vlan interfaces configured on the PFSENSE) with staff using openvpn to access things remotely via freeradius.
The customer wants to give their Telco supplier vpn access to only the phone vlan. Is that possible and if so how?
thanks.
-
@frog In the vpn config set it up so the vpn client gets a specific IP, then in the vpn rules only allow that client access to the phone vlan.
Or another way without a specific client override is setup a 2nd instance of openvpn, say on a different port say 1195 vs default 1194, use a different tunnel network for this instance.. Now anyone connecting to this instance, your phone support supplier can be set in the openvpn firewall rules to only have access to your phone vlan
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.8, 24.11 -
@johnpoz thanks that was exactly what I was thinking. how do you setup the client to get a specific ip?
DOH you've given me the link. I'll check there thanks.* but I'm using freeraadius will that matter?
-
@frog said in Restrict one user to only one internal vlan:
but I'm using freeraadius will that matter?
no
-
@johnpoz This is the way
