Netgate Discussion Forum

    Limit Access to one IP Address on the LAN

    • alfredo

      Dear Forum,

      We just set up the OpenVPN Wizard - export Viscosity Mac bundle with great ease and success.
      We defined one user in pfSense in addition to "admin" and then exported that config. This user has access to the whole subnet. Pool from ..2.0/24 to LAN ..1.0/24
      We would also like to define a third user who should only have access to one IP address on the subnet. What would be the recommended way to do this? Another server?

      Thanks
      Alfredo.

      • Nachtfalke

        Hi,

        You need to use server mode "Remote SSL/TLS" or "Remote SSL/TLS + User Auth".
        You need to create a client certificate. Then you go to "Client Specific override" and put in the CN (Common Name) of the client certificate.
        Now you set up a tunnel network with subnet mask /30 - e.g.: 10.0.1.248/30
        Then this client will always get 10.0.1.250/30 as its IP address. Then you are able to define firewall rules for this user.

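The rule set that the reply above leads to, modelled as an added example (not part of the original posts and not pfSense code): it derives the pinned client address from the /30 override and audits which LAN hosts that client can reach under first-match rule evaluation. Only 10.0.1.248/30 and the resulting 10.0.1.250 come from the reply; the LAN 192.168.1.0/24, the pool 192.168.2.0/24 and the allowed host 192.168.1.10 are assumed values, because the thread elides its real addresses.

```python
import ipaddress

# Assumed values (not from the thread): LAN, general client pool, allowed host.
LAN = ipaddress.ip_network("192.168.1.0/24")
POOL = ipaddress.ip_network("192.168.2.0/24")
ALLOWED_HOST = ipaddress.ip_address("192.168.1.10")
# From the reply: tunnel network entered in the client-specific override.
OVERRIDE_NET = ipaddress.ip_network("10.0.1.248/30")
ANY = ipaddress.ip_network("0.0.0.0/0")


def pinned_client_ip(net):
    """Client address in the /30 override, as in the reply (.250 for .248/30)."""
    if net.prefixlen != 30:
        raise ValueError("override tunnel network must be a /30")
    return list(net.hosts())[1]


def build_rules(client_ip):
    """Ordered rules for the OpenVPN interface: (action, source, destination)."""
    client = ipaddress.ip_network(f"{client_ip}/32")
    host = ipaddress.ip_network(f"{ALLOWED_HOST}/32")
    return [
        ("pass", client, host),   # restricted user may reach the one host
        ("block", client, ANY),   # and nothing else
        ("pass", POOL, LAN),      # full-access users keep the whole LAN
    ]


def evaluate(rules, src, dst):
    """First matching rule wins; traffic matching no rule is blocked."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "block"


def audit(rules, client_ip):
    """Return every LAN address the pinned client can reach under these rules."""
    return [h for h in LAN.hosts() if evaluate(rules, client_ip, h) == "pass"]


if __name__ == "__main__":
    ip = pinned_client_ip(OVERRIDE_NET)
    print("pinned client:", ip)
    print("reachable LAN hosts:", audit(build_rules(ip), ip))
```

Running the same audit with a broad pass rule placed above the per-client rules shows the restriction disappearing, so rule order on the OpenVPN interface is worth checking after adding the override.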
        • costasppc

          Good one! I needed this!

          Thanks Nachtfalke!

          Kostas

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.