Allow Access From specific IP


Post by SpeedMonster » Mon Aug 28, 2023 9:46 pm

Hi there!

Is there a way to configure Access Server "Allow Access From" a specific IP?
I don't need to allow any client-to-client access. There must be a specific IP permitted to access clients, and not vice versa.
Thanks!


Re: Allow Access From specific IP

Post by openvpn_inc » Tue Aug 29, 2023 5:46 am

Hello,

Access is done from the point of view of VPN clients. So if for example you have a system in your internal network at 192.168.70.123 and you want that system to be able to access a particular VPN client, then give the VPN client routing access to 192.168.70.123 and then two-way communication between this VPN client and that 192.168.70.123 IP address is now possible. So now 192.168.70.123 can access that VPN client.

If this isn't what you want then consider diving into iptables rules to add your own custom restrictions.

Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support


Re: Allow Access From specific IP

Post by SpeedMonster » Tue Aug 29, 2023 8:15 am

Hi Johan!

I have a static IP for the Administrator within the VPN network (e.g. it's 172.27.232.2), and the rest of the IPs are clients that the Administrator needs to connect to (172.27.232.3, 172.27.232.4 and so on). The real network IPs (not VPN) behind the Administrator and Clients can always be different; I can't explicitly route using exact IP addresses.

Can you post an exact example of the command I need to include in the Client config so that 172.27.232.2 could access 172.27.232.3 and 172.27.232.4, but those clients wouldn't be able to access each other's networks?
I know the exact ports I need to access on the Clients' side, so it's possible to limit this parameter, let's say to ports 443, 80, 1500.

What I need in User Permissions is to set "Allow Access From" for a particular IP (in my case 172.27.232.2).
In this case 172.27.232.3:443 would route to the client's real IP and corresponding port (e.g. 192.168.0.3:443). That's the scenario I need to realize.
Thanks!
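
The custom iptables restriction suggested earlier in the thread, sketched for the addresses and ports given in the last post. This is an added example, not part of the thread and not OpenVPN Inc.'s configuration. The VPN subnet 172.27.232.0/24, the use of TCP, the chain name `VPN_ADMIN_ONLY`, and the premise that client-to-client traffic is forwarded by the server's kernel through the FORWARD chain are all assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands for the policy
# described in the thread. Review the output, then run it as root.
# Assumptions, not from the thread: VPN subnet 172.27.232.0/24, TCP ports,
# the chain name VPN_ADMIN_ONLY, and that client-to-client VPN traffic is
# forwarded by the server's kernel and therefore passes the FORWARD chain.

CHAIN=VPN_ADMIN_ONLY

# gen_rules ADMIN_IP VPN_NET PORTS  (PORTS is comma-separated, e.g. 80,443,1500)
gen_rules() {
    admin=$1 net=$2 ports=$3
    # Accept only plain IPv4 / CIDR / port-list characters, so the generated
    # commands cannot carry unexpected shell text.
    case $admin in ''|*[!0-9.]*)  echo "bad admin IP" >&2;   return 1;; esac
    case $net   in ''|*[!0-9./]*) echo "bad VPN subnet" >&2; return 1;; esac
    case $ports in ''|*[!0-9,]*)  echo "bad port list" >&2;  return 1;; esac

    # The chain is filled first and hooked into FORWARD last, so there is no
    # moment where VPN-to-VPN traffic hits a half-built rule set.
    cat <<EOF
iptables -N $CHAIN
iptables -A $CHAIN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A $CHAIN -s $admin -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT
iptables -A $CHAIN -j DROP
iptables -I FORWARD 1 -s $net -d $net -j $CHAIN
EOF
}

# Stand-alone use: sh script.sh 172.27.232.2 172.27.232.0/24 80,443,1500
if [ "$#" -eq 3 ]; then
    gen_rules "$@"
fi
```

Only the administrator address can open new connections to other VPN addresses, and only to the listed ports; replies are allowed through connection tracking, and every other VPN-to-VPN packet is dropped. After applying the rules and after any service restart, check with `iptables -L FORWARD -n --line-numbers` that the jump to the chain is still the first rule.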
