User specific access

Scripts that set up, destroy, and modify routing tables and firewall rulesets for client connections.

Moderators: TinCanTech

dnilgreb
OpenVPN User
Posts: 21
Joined: Fri Mar 04, 2016 12:13 pm

User specific access

Post by dnilgreb » Fri Mar 04, 2016 12:33 pm

I have OpenVPN running in a jail in my FreeNAS 9.3. It works beautifully.
Now, however, I want to let other users connect, but I only want them to be able to get access to a specific host on my LAN.
Preferably by DNS name.
How to configure this?

I understand that it could be done using separate IP-ranges and some sort of firewall setup. But how do I achieve this?
Is there a better / simpler way?

My server conf:

port 1194
proto udp
dev tun1
ca /mnt/openvpn/keys/ca.crt
cert /mnt/openvpn/keys/openvpn-server.crt
key /mnt/openvpn/keys/openvpn-server.key
# 1024-bit DH parameters; current guidance is 2048-bit or larger
dh /mnt/openvpn/keys/dh1024.pem
# tunnel address pool: clients are assigned addresses from 10.8.0.0/24
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# every client receives a route to the whole LAN
push "route 192.168.1.0 255.255.255.0"
# host address with a /24 netmask: a single-host route takes netmask 255.255.255.255
route 192.168.1.70 255.255.255.0 10.8.0.1
keepalive 10 120
# scripts OpenVPN runs after start-up (client-connect, learn-address) execute as this user
group nobody
user nobody
comp-lzo
persist-key
persist-tun
verb 3

My client conf:
client
dev tun
proto udp
remote MY.IP.GOES.HERE 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert myfirstname.mylastname.crt
key myfirstname.mylastname.key
# verifies the server certificate's nsCertType; newer releases use "remote-cert-tls server"
ns-cert-type server
comp-lzo
verb 0
# DNS server handed to the client; on non-Windows clients an up script must apply it
dhcp-option DNS 192.168.1.1

dnilgreb
OpenVPN User
Posts: 21
Joined: Fri Mar 04, 2016 12:13 pm

Re: User specific access

Post by dnilgreb » Tue Mar 08, 2016 12:15 pm

Solved it!
Putting in what I did as a reply if someone else ever has the same problem.

Simply added these lines:

# ipfw numbers rules added without an explicit number above every existing rule,
# so these only take effect if no earlier rule already allows the client's traffic
ipfw -q add allow all from 10.8.0.XX to 192.168.1.XXX
# everything else from this client is dropped and logged
ipfw -q add deny log all from 10.8.0.XX to any

where XX is the IP of the client connecting and XXX is the IP of the allowed host.
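The approach the thread converges on (a known tunnel address per client, plus ipfw rules keyed on that address) can be automated with OpenVPN's learn-address hook, which the server runs whenever a client's tunnel address is assigned, re-learned or released. The script below is an added example written for this thread; it is not code from either post or from the OpenVPN project. The ACL file path and its one-line-per-client format, the rule number range, and the host addresses used in the comments are assumptions.

```shell
#!/bin/sh
# OpenVPN learn-address hook for FreeBSD ipfw (added example, not from the thread).
# OpenVPN runs it as:  <script> add|update|delete <tunnel-address> [<common-name>]
# and passes no common name on "delete".
#
# Assumptions not taken from the thread: the ACL file location and its format
# (one line per client: "common_name host [host ...]"), and the rule number range.

ACL_FILE="${ACL_FILE:-/mnt/openvpn/client-acl}"   # assumed path
IPFW="${IPFW:-ipfw}"                              # override to dry-run
RULE_BASE="${RULE_BASE:-10000}"                   # must sort before any catch-all allow rule

# Stable rule number per client, derived from the last octet of its tunnel address.
# All rules for one client share the number, so "ipfw delete N" removes them together.
rule_number_for() {
    echo $((RULE_BASE + ${1##*.}))
}

# Hosts a common name may reach, space separated; empty (deny everything) when the
# CN has no entry or the ACL file is missing, so an unknown client fails closed.
allowed_hosts_for() {
    awk -v cn="$1" '$1 == cn { $1 = ""; sub(/^ +/, ""); print; exit }' "$2" 2>/dev/null
}

# Rule bodies for one client, one per line, without the "ipfw add N" prefix:
# both directions to each allowed host, then a logged deny for everything else.
build_rules() {
    client=$1
    hosts=$2
    for h in $hosts; do
        printf 'allow ip from %s to %s\n' "$client" "$h"
        printf 'allow ip from %s to %s\n' "$h" "$client"
    done
    printf 'deny log ip from %s to any\n' "$client"
}

# Replace whatever is installed under the client's rule number with its current ACL.
apply_rules() {
    client=$1
    cn=$2
    num=$(rule_number_for "$client")
    $IPFW -q delete "$num" 2>/dev/null || true
    build_rules "$client" "$(allowed_hosts_for "$cn" "$ACL_FILE")" |
    while IFS= read -r body; do
        # $body is intentionally unquoted: each word is one ipfw token
        $IPFW -q add "$num" $body
    done
}

# Drop all rules for a client whose tunnel address was released.
remove_rules() {
    $IPFW -q delete "$(rule_number_for "$1")"
}

case "${1:-}" in
    add|update) apply_rules "$2" "$3" ;;
    delete)     remove_rules "$2" ;;
esac
```

To wire it in, the server config needs `learn-address /path/to/this/script` and `script-security 2`; pinning each user's tunnel address with `client-config-dir` and a per-CN `ifconfig-push` line keeps the rule numbers and log entries stable across reconnects. Two checks before relying on it: the rule number range must be lower than any existing catch-all allow rule, otherwise the per-client rules never match; and because the server drops to `user nobody`, the hook runs without the privileges ipfw requires, so it needs a privilege mechanism (for example a narrowly scoped sudo or doas rule for the ipfw calls). If the pushed DNS server is meant to be reachable for name resolution, list it in the ACL line as well, since the final deny rule otherwise blocks those queries.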
