    Block user in vpn dial in to access other lan

    OpenVPN
    • C
      cybermod last edited by

      Hi all, my situation:

      I have several LANs (one for each customer).

      Can I get VPN dial-in access with OpenVPN for (for example) Marc to his LAN, but so that he doesn't see the other LANs?

      ... Bad English?? YEAH!

      Marc can access his LAN with OpenVPN dial-in,
      Joe can access his LAN with OpenVPN dial-in,

      but Marc cannot access Joe's LAN and Joe cannot access Marc's LAN.

      Thanks so much!!

      • V
        viragomann last edited by

        To implement your intention, the VPN users have to get definite IPs from your VPN server. Then these IPs can be used in firewall rules to permit clients to access specific destinations.

        You can achieve this by running different OpenVPN servers with separate tunnel IP pools for each customer / security group, or by pushing a definite IP to each client using "Client specific overrides".
        For both ways, certificate-based authentication is required!

        If you want to set up multiple OVPN servers, you have to add a separate CA for each first. Server and users get their certs from this CA, so only users who have the correct cert may connect to this server.

        If using client specific overrides, look here for an explanation: http://fastinetserver.wordpress.com/2013/03/09/pfsense-openvpn-static-ip-for-clients/

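The approach in the reply above (one fixed tunnel IP per client certificate, then firewall rules keyed on that IP), modelled as an added example that is not part of the thread or of pfSense itself. The common names, tunnel network, LAN subnets and function names are assumptions made up for illustration; it assumes a subnet topology and first-match rule evaluation with default deny, and checks that no client can reach another customer's LAN.

```python
import ipaddress

# Constructed sample data: certificate common names, fixed tunnel IPs and
# customer LANs are assumptions for illustration, not values from the thread.
CLIENTS = {
    "marc": {"tunnel_ip": "10.8.0.10", "lan": "192.168.10.0/24"},
    "joe":  {"tunnel_ip": "10.8.0.20", "lan": "192.168.20.0/24"},
}
TUNNEL_NET = ipaddress.ip_network("10.8.0.0/24")

def override_lines(clients):
    """Per-client directive pinning each certificate CN to one tunnel IP
    (OpenVPN 'ifconfig-push', subnet topology assumed)."""
    out = {}
    for cn, c in clients.items():
        ip = ipaddress.ip_address(c["tunnel_ip"])
        if ip not in TUNNEL_NET:
            raise ValueError(f"{cn}: {ip} is outside {TUNNEL_NET}")
        out[cn] = f"ifconfig-push {ip} {TUNNEL_NET.netmask}"
    if len(set(out.values())) != len(out):
        raise ValueError("two clients share a tunnel IP")
    return out

def build_rules(clients):
    """Ordered rules for the OpenVPN interface: one pass per client to its own
    LAN, then an explicit block for everything else coming from the tunnel."""
    rules = [("pass", ipaddress.ip_network(c["tunnel_ip"] + "/32"),
              ipaddress.ip_network(c["lan"])) for c in clients.values()]
    rules.append(("block", TUNNEL_NET, ipaddress.ip_network("0.0.0.0/0")))
    return rules

def allowed(rules, src, dst):
    """First matching rule wins; no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action == "pass"
    return False

def cross_access(clients, rules):
    """Probe one host in every other customer's LAN from each client's
    tunnel IP; return the (client, other) pairs that get through."""
    leaks = []
    for cn, c in clients.items():
        for other, o in clients.items():
            host = str(next(ipaddress.ip_network(o["lan"]).hosts()))
            if cn != other and allowed(rules, c["tunnel_ip"], host):
                leaks.append((cn, other))
    return leaks
```

Running `cross_access` again after any rule change shows whether a broad pass rule placed above the per-client rules has reopened access between customers.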
        • C
          cybermod last edited by

          Many thanks viragomann, now I'll try to do it, I hope to have success.

          Can I ask you more in the future?

          For me, this feature is very important.

          Regards
