Limit User to Specific IP Addresses on Server LAN

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
forsberg94
OpenVpn Newbie
Posts: 4
Joined: Tue Apr 26, 2011 2:58 pm

Limit User to Specific IP Addresses on Server LAN

Post by forsberg94 » Thu Apr 28, 2011 4:27 am

Hi all,

I am learning the OpenVPN Access Server and have successfully set it up.

I have created a few different users and one of these users is loaded directly onto my DD-WRT router. This means that anything that connects to this router will be accessing the Internet through the VPN tunnel into my Server LAN.

Since this could pose a security concern due to anyone that plugs in an ethernet cord into this router has access to my VPN servers, I want to limit this specific user to only be able to access the following IP Addresses available in my VPN Server LAN:
10.0.0.34
10.0.0.124
10.0.0.75

In the Web User Interface Admin Page:
Under 'User Permissions' the settings for this user include an 'Access Control' section, which I have the following:

Code: Select all

Select Addressing Method:   Use NAT (checked)
Allow Access to these Networks:  10.0.0.34
                                 10.0.0.124
                                 10.0.0.75
Allow Access From:    all server-side private subnets (checked)
Allow Access From:    all other VPN clients (checked)

This isn't working due to "Allow Access to these Networks" wants a subnet. But if I give it a 10.0.0.0/24, this user will have access to the entire subnet (10.0.0.1-10.0.0.254), which I dont want. I want whoever is connected to the DD-WRT router to only be able to access those 3 ip addresses. Other users should still be able to access whatever I define as their accessible subnets (so this has to be on a user basis).

Thank you so for the help!
Chris

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: Limit User to Specific IP Addresses on Server LAN

Post by janjust » Thu Apr 28, 2011 7:06 am

Hi, this is the wrong forum to ask - this forum is only for the community (open source) edition of OpenVPN, not the commercial (Access Server) edition. for more details, read topic7036.html

Post Reply