two Questions: Static IP Addresses and Admin UI access

jgrassler · Post by **jgrassler** » Mon Dec 17, 2018 2:57 pm

Hi Guys, im setting up an openvpn access server on ubuntu 18.04.

I have done a routed configuration.
The server is in its own network 10.102.0.0/24 and has the ip 10.102.0.2.
The clients are in the network 10.102.103.0/24 i added a static route to the firewall to point towards the vpn server as a gateway for this network.

The Plan:
I want to set static vpn ip via the openvpn User and Gui (example user1: 10.102.103.5).
Then i want to restrict this ip via the firewall just to access the hand of ports/ips that are needed for this user.
ex:
1:allow 10.102.103.5 to 192.168.1.5 https
2:deny all

this is working for now, now the questions:

Can i be sure that the user cannot change his IP address, if i set it static ip the openvpn gui?
( an therefore be sure that the ACLs i set in the firewall always apply to this login/user)

What is the current way to lock the availability of the admin gui towards the internet and vpn IP addresses?
(i know there is password lockout and i can have a propper admin password, but what if i want no way of someone from outside accessing it ever? )
I tried setting the admin gui on a different port wich would not be open to the outside, but the fqdn/admin is still available.

thanks for the help!