Site-To-Site access by select few

OpenVPN
Log in to reply
  • A

    I have a network where a site-to-site is setup.  There is one central office and four branch locations.  I'd like to tighten down some rules.  I'd like to have a select few PCs in the central office be able to access branch locations.  Not every PC a central office needs branch office access.

    I have setup an alias with the IPs of the PCs that I want to have access.  In Firewall:Rules:OpenVPN do I simply change the "source" from * to the alias of the allowed PCs or is there something else I'm missing?  I guess the problem is that I'm not sure what direction this rule is based on.  Is the rule out-going or incoming?

    Is there a better way to achieve this then how I'm trying it now?

    thx.

    0
  • V

    A firewall rule handles the incoming traffic at the interface.
    So if you put this rule on the OpenVPN tab of the branch offices pfSense it would do its job.

    Alternatively you can put it a block rule on central office side, but on LAN interface, which block all traffic from other PCs to the branch office net:

    
    	 Proto 	Source 	                Port 	 Destination 	        Port 	Gateway 	Queue 	Schedule 	Description 	
block 	  *    !Allowed_PC_VPN_Access 	* 	 <branch office="" net="">* 	* 	* 	  	none         Block all others</branch>
    0
  • A

    Perfect.  Thanks for the great explanation.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy