Netgate Discussion Forum

    Block user in vpn dial in to access other lan

      cybermod

      Hi all, my situation:

      I have several LANs (one for each customer).

      Can I give access via VPN dial-in with OpenVPN so that (for example) Marc gets into his LAN but he doesn't see the other LANs?

      …. bad English?? YEAH!

      Marc can access his LAN with OpenVPN dial-in,
      Joe can access his LAN with OpenVPN dial-in,

      but Marc cannot access Joe's LAN and Joe cannot access Marc's LAN.

      Thanks so much!!

        viragomann

        To implement your intention, the VPN users have to get definite IPs from your VPN server. Then these IPs can be used in firewall rules to permit clients to access specific destinations.

        You can achieve this by running different OpenVPN servers with separate tunnel IP pools for each customer / security group, or by pushing a definite IP to each client using "Client specific overrides".
        For both ways, certificate-based authentication is required!

        If you want to set up multiple OVPN servers, you first have to add a separate CA for each. Server and user get their certs from this CA, so only users who have the correct cert may connect to this server.

        If using client specific overrides, look here for an explanation: http://fastinetserver.wordpress.com/2013/03/09/pfsense-openvpn-static-ip-for-clients/

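An added example, not part of viragomann's post or of pfSense: a Python check of the client-specific-override approach described above, which derives one pass rule per user from the pushed tunnel IP and reports any rule that opens another customer's LAN. The tunnel network, LAN subnets, the `ifconfig-push` lines and all function names are constructed assumptions, and the rule list models a pass-only rule set in which unmatched traffic is dropped.

```python
import ipaddress

# Constructed sample data (assumptions, not values from the thread):
# tunnel network 10.8.0.0/24 in "topology subnet" mode, one LAN per customer.
OVERRIDES = {  # certificate common name -> client specific override text
    "marc": "ifconfig-push 10.8.0.10 255.255.255.0",
    "joe": "ifconfig-push 10.8.0.20 255.255.255.0",
}
LANS = {"marc": "192.168.10.0/24", "joe": "192.168.20.0/24"}

def pushed_ip(override):
    """Return the fixed tunnel IP from an ifconfig-push line, or None."""
    for line in override.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "ifconfig-push":
            return ipaddress.ip_address(parts[1])
    return None

def build_rules(overrides, lans):
    """One pass rule per user: fixed tunnel IP -> that user's own LAN."""
    rules = []
    for cn, text in overrides.items():
        ip = pushed_ip(text)
        if ip is None:  # without a fixed IP the client draws from the shared pool
            raise ValueError(f"{cn}: override has no ifconfig-push")
        rules.append((ipaddress.ip_network(f"{ip}/32"),
                      ipaddress.ip_network(lans[cn])))
    return rules

def allowed(rules, src, dst):
    """Pass-only rule list: traffic that matches no rule is dropped."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(src in s and dst in d for s, d in rules)

def cross_tenant_leaks(rules, overrides, lans):
    """(user, other customer) pairs where a rule opens a foreign LAN."""
    leaks = []
    for cn, text in overrides.items():
        ip = pushed_ip(text)
        for owner, lan in lans.items():
            foreign = ipaddress.ip_network(lan)
            if owner != cn and any(ip in s and d.overlaps(foreign) for s, d in rules):
                leaks.append((cn, owner))
    return leaks
```

A single broad rule such as "tunnel network to any" makes `cross_tenant_leaks` report both users, while the per-IP rules also leave a client that connects without an override (and so gets a pool address) with no access at all.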
          cybermod

          Many thanks viragomann, I'll try to do it now, I hope to have success.

          Can I ask you more in the future?

          For me, this feature is very important.

          Regards

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.