VPN possibility?

killmasta93

Hi,

Im not sure if exactly if its possible or if it applies to this forum but if someone could point me into the right direction. I have a windows server with active directory, and files so each person inside of the office can have access to those files (some are read only). I would want these files to be accessible(though VPN) to other clients (that do not work in the office) that are not connected to the windows server. Now what im not sure if its possible is to give them permission to a few files ONLY. Example client one can see only their information while client 2 cannot. But i know there's another issue that if i give them a VPN that they wont try to touch my server. Not sure if there is a software or something that could help me or point me into the right direction. See picture below to maybe understand better.

Thank you :)

Drawing1.jpg_thumb

viragomann

You can control these permission in active directory not on the vpn server or pfSense. pfSense just controls access to hosts (IPs) or subnets.

You may add users for vpn clients to AD and you can also use theme in vpn authentication if you use openvpn or also in ipsec, I think.

killmasta93

Hi

Thank you for responding, I was thinking to put FTP on the windows server ill post back if it works

almabes

You want to research NTFS permissions and share permissions. Right click a folder choose properties and click the security tab…
Or, you can set up a separate sftp server. No VPN required.

killmasta93

thanks again

but I found an awesome solution. Use filezilla server its amazing on a windows server 2012

The setup if strait forward but the tricky part is allow the windows firewall. Two things you need to allow on the windows firewall

allow port 21
allow program filezilla server
open the port 21 on pfSense

after that should work fine

Hope this helps someone

almabes

Are you setting up a FTP server on the public internet without any encryption?

killmasta93

yeah scratch number 3 its better though VPN :P

I just changed to FTPS using Explicit SSL/TLS with certificate.

I guess i was just trying out to see everything works well.

Thank again :)

jahonix

@killmasta93:

but I found an awesome solution. Use filezilla server

Just for reference: you are installing a different server on top of your windows 2012 file server to have external users access those files without AD permissions.
Why not just configure the permissions correctly? ::)

killmasta93

Just for reference: you are installing a different server on top of your windows 2012 file server to have external users access those files without AD permissions.
Why not just configure the permissions correctly?

So true I was thinking it was wierd installing a server on a server. So I just installed lls managment console and ftp service.

But now my issue or worry is that if i give a VPN access (192.168.2.2) to communicate to (192.168.3.9) would it be possible for only the VPN to ping 192.168.3.9 and not my other server (192.168.3.8)

Thank you