Block VPN dial-in users from accessing other LANs
Hi all, my situation:
I have multiple LANs (one for each customer).
Can I give access via OpenVPN dial-in to (for example) Marc in his LAN, so that he doesn't see the other LANs?
…. Bad English?? YEAH!
Marc can access his LAN with OpenVPN dial-in,
Joe can access his LAN with OpenVPN dial-in,
but Marc cannot access Joe's LAN and Joe cannot access Marc's LAN.
Thanks so much!!
To implement your intention the VPN users have to get definite IPs from your VPN server. Then these IPs can be used in firewall rules to permit clients accessing specific destinations.
You can achieve this by running different OpenVPN servers with separate tunnel IP pools for each customer / security group, or by pushing a definite IP to each client using "Client specific overrides".
For both ways, certificate-based authentication is required!
If you want to set up multiple OVPN servers, you have to add a separate CA for each first. Server and user get their certs from this CA, so only users who have the correct cert may connect to this server.
If using client-specific overrides, look here for an explanation: http://fastinetserver.wordpress.com/2013/03/09/pfsense-openvpn-static-ip-for-clients/
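The answer above can be checked on paper before touching the firewall. This is an added example, not part of the original posts: it gives each certificate common name a fixed tunnel IP, emits the OpenVPN `ifconfig-push` line for it, and audits a rule set for cross-customer reachability. All names, addresses, the single shared tunnel network, `topology subnet`, and the rule model (pass rules only, everything else denied) are assumptions.

```python
import ipaddress as ipa

# Constructed sample data; every name and address below is hypothetical.
TUNNEL = ipa.ip_network("10.8.0.0/24")  # OpenVPN tunnel network
CUSTOMERS = {  # customer -> client address pool and customer LAN
    "marc": {"pool": ipa.ip_network("10.8.0.16/28"), "lan": ipa.ip_network("192.168.10.0/24")},
    "joe": {"pool": ipa.ip_network("10.8.0.32/28"), "lan": ipa.ip_network("192.168.20.0/24")},
}
CLIENTS = {"marc-laptop": "marc", "joe-laptop": "joe", "joe-phone": "joe"}  # cert CN -> customer

def assign_ips(customers, clients, tunnel=TUNNEL):
    """Return {cn: fixed tunnel IP}, drawn from the owning customer's pool."""
    pools = [c["pool"] for c in customers.values()]
    for i, a in enumerate(pools):
        if not a.subnet_of(tunnel):
            raise ValueError(f"pool {a} is outside tunnel network {tunnel}")
        if any(a.overlaps(b) for b in pools[i + 1:]):
            raise ValueError(f"pool {a} overlaps another customer's pool")
    free = {name: iter(c["pool"].hosts()) for name, c in customers.items()}
    return {cn: next(free[cust]) for cn, cust in sorted(clients.items())}

def ccd_lines(assignments, tunnel=TUNNEL):
    """Per-client override lines; assumes the server runs 'topology subnet'."""
    return {cn: f"ifconfig-push {ip} {tunnel.netmask}" for cn, ip in assignments.items()}

def audit(rules, assignments, customers, clients):
    """rules = [(source net, destination net)] pass rules, default deny otherwise."""
    findings = []
    for cn, ip in assignments.items():
        own = clients[cn]
        reach = [dst for src, dst in rules if ip in src]  # destinations this client may pass to
        for name, c in customers.items():
            if name != own and any(d.overlaps(c["lan"]) for d in reach):
                findings.append(f"{cn} can reach {name}'s LAN")
        if not any(customers[own]["lan"].subnet_of(d) for d in reach):
            findings.append(f"{cn} cannot reach its own LAN")
    return findings

GOOD_RULES = [(c["pool"], c["lan"]) for c in CUSTOMERS.values()]  # one pass rule per customer
BAD_RULES = [(TUNNEL, CUSTOMERS["marc"]["lan"]),  # source too wide: the whole tunnel network
             (CUSTOMERS["joe"]["pool"], CUSTOMERS["joe"]["lan"])]

if __name__ == "__main__":
    ips = assign_ips(CUSTOMERS, CLIENTS)
    for cn, line in ccd_lines(ips).items():
        print(cn, "->", line)
    print("good rules:", audit(GOOD_RULES, ips, CUSTOMERS, CLIENTS))
    print("bad rules: ", audit(BAD_RULES, ips, CUSTOMERS, CLIENTS))
```

The second rule set shows the typical mistake: a pass rule whose source is the whole tunnel network lets every VPN client into that customer's LAN, whatever fixed IP it was given.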
Many thanks viragomann, now I'll try to do it; I hope to succeed.
Can I ask you other things in the future?
For me, this feature is very important.