    Block user in vpn dial in to access other lan

    OpenVPN
    • C
      cybermod last edited by

      Hi all, my situation:

      I have multiple LANs (one for each customer).

      Can I give access via VPN dial-in with OpenVPN to (for example) Marc in his LAN, but so that he doesn't see the other LANs?

      ... Bad English?? YEAH!

      Marc can access his LAN with OpenVPN dial-in,
      Joe can access his LAN with OpenVPN dial-in,

      but Marc cannot access Joe's LAN and Joe cannot access Marc's LAN.

      Thanks so much!!

      • V
        viragomann last edited by

        To implement your intention, the VPN users have to get definite IPs from your VPN server. Then these IPs can be used in firewall rules to permit clients to access specific destinations.

        You can achieve this by running different OpenVPN servers with separate tunnel IP pools for each customer / security group, or by pushing a definite IP to each client using "Client specific overrides".
        For both ways, certificate-based authentication is required!

        If you want to set up multiple OVPN servers, you first have to add a separate CA for each. The server and users get their certs from this CA, so only users who have the correct cert may connect to this server.

        If using client specific overrides, look here for an explanation: http://fastinetserver.wordpress.com/2013/03/09/pfsense-openvpn-static-ip-for-clients/

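The client-specific-override approach from the reply above, as an added sketch that is not part of the original post and not pfSense's own code: it checks a per-customer address plan, emits the `ifconfig-push` line for each certificate CN, and evaluates the resulting first-match rule set. The tunnel network, LAN subnets, fixed IPs and `topology subnet` are assumptions; `marc` and `joe` are the users from the question.

```python
import ipaddress

TUNNEL = ipaddress.ip_network("10.8.0.0/24")  # assumed tunnel network
# Constructed sample plan: certificate CN -> (fixed tunnel IP, customer LAN)
PLAN = {
    "marc": ("10.8.0.10", "192.168.10.0/24"),
    "joe": ("10.8.0.20", "192.168.20.0/24"),
}

def validate(plan, tunnel=TUNNEL):
    """Return the problems that would break per-customer isolation."""
    problems, seen_ips, seen_lans = [], {}, []
    for cn, (ip, lan) in plan.items():
        addr, net = ipaddress.ip_address(ip), ipaddress.ip_network(lan)
        if addr not in tunnel or addr in (tunnel.network_address, tunnel.broadcast_address):
            problems.append(f"{cn}: {ip} is not a usable address in {tunnel}")
        if addr in seen_ips:
            problems.append(f"{cn}: {ip} is already assigned to {seen_ips[addr]}")
        seen_ips[addr] = cn
        for other_cn, other_net in seen_lans:
            if net.overlaps(other_net):
                problems.append(f"{cn}: {net} overlaps the LAN of {other_cn}")
        seen_lans.append((cn, net))
    return problems

def ccd_lines(plan, tunnel=TUNNEL):
    """Override line per CN (OpenVPN ifconfig-push, topology subnet assumed)."""
    return {cn: f"ifconfig-push {ip} {tunnel.netmask}" for cn, (ip, _) in plan.items()}

def rules(plan, tunnel=TUNNEL):
    """Ordered rules for the OpenVPN interface: one pass per client, then block."""
    out = [("pass", ipaddress.ip_network(f"{ip}/32"), ipaddress.ip_network(lan))
           for ip, lan in plan.values()]
    # Clients without an override get a dynamic pool address, so the rest
    # of the tunnel network must be denied explicitly.
    out.append(("block", tunnel, ipaddress.ip_network("0.0.0.0/0")))
    return out

def decide(ruleset, src, dst):
    """First matching rule wins; unmatched traffic is dropped."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in ruleset:
        if s in src_net and d in dst_net:
            return action
    return "block"

if __name__ == "__main__":
    print(validate(PLAN), ccd_lines(PLAN))
    print(decide(rules(PLAN), "10.8.0.10", "192.168.20.5"))  # marc -> joe's LAN
```

The last rule matters as much as the pass rules: a client that connects without a matching override lands on a pool address and must not inherit any customer's access.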
        • C
          cybermod last edited by

          Many thanks viragomann, now I'll try to do it, I hope to have success.

          Can I ask you more in the future?

          For me, this feature is very important.

          Regards
