Limit Access to one IP Address on the LAN



  • Dear Forum,

    We just set up the OpenVPN Wizard - export Viscosity Mac bundle with great ease and success.
    We defined one user in pfSense in addition to "admin" and then exported that config. This user has access to the whole subnet. Pool from ..2.0/24 to LAN ..1.0/24
    We would also like to define a third user who should only have access to one IP address on the subnet. What would be the recommended way to do this? Another server?

    Thanks
    Alfredo.



  • Hi,

    You need to use server mode "Remote SSL/TLS" or "Remote SSL/TLS + User Auth".
    You need to create a client certificate. Then you go to "Client Specific override" and put in the CN (Common name) of the client certificate.
    Now you set up a tunnel network with subnet mask /30 - e.g.: 10.0.1.248/30
    Then this client will always get 10.0.1.250/30 as IP address. Then you are able to define firewall rules for this user.
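
Added example, not part of the posts above: a Python check of the setup the answer describes, deriving the client address from the /30 tunnel network and evaluating first-match rules for that client. The LAN addresses, the other user's address and the broad pass rule are constructed assumptions; only 10.0.1.248/30 comes from the thread.

```python
import ipaddress

TUNNEL_30 = "10.0.1.248/30"   # per-client tunnel network from the answer
LAN_HOST = "198.51.100.10"    # constructed: the one LAN address the client may reach
LAN_NET = "198.51.100.0/24"   # constructed: the LAN subnet
OTHER_USER = "192.0.2.6"      # constructed: a client from the general pool


def net30_endpoints(cidr):
    """Return (server_end, client_end) of a /30 per-client tunnel network."""
    net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
    if net.prefixlen != 30:
        raise ValueError("per-client tunnel network must be a /30")
    server_end, client_end = net.hosts()  # a /30 has exactly two usable hosts
    return server_end, client_end


def build_rules(client_ip):
    """Rules for the VPN interface, top to bottom: (action, source, destination)."""
    return [
        ("pass", f"{client_ip}/32", f"{LAN_HOST}/32"),  # the single allowed host
        ("block", f"{client_ip}/32", "0.0.0.0/0"),      # everything else from this client
        ("pass", "0.0.0.0/0", LAN_NET),                 # assumed broad rule for other users
    ]


def evaluate(rules, src, dst):
    """First matching rule wins; no match means default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rule_src, rule_dst in rules:
        if s in ipaddress.ip_network(rule_src) and d in ipaddress.ip_network(rule_dst):
            return action
    return "block"


if __name__ == "__main__":
    server_end, client_end = net30_endpoints(TUNNEL_30)
    print("client address:", client_end, "peer:", server_end)
    rules = build_rules(client_end)
    for dst in (LAN_HOST, "198.51.100.20"):
        print(client_end, "->", dst, evaluate(rules, str(client_end), dst))
    # Failure mode: with the broad pass rule on top, the restriction is never reached.
    misordered = [rules[2], rules[0], rules[1]]
    print("misordered:", evaluate(misordered, str(client_end), "198.51.100.20"))
```

The misordered case shows why the per-client rules have to sit above any broad pass rule: with first-match evaluation, the restricted client would otherwise reach the whole LAN.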



  • Good one! I needed this!

    Thanks Nachtfalke!

    Kostas

