Hello,
My VPN setup is working just fine but I'm experiencing an issue : how can I make the web client accessible through the VPN only ? I don't want anybody bruteforcing my Admin UI. I checked the default firewall but I don't seem to be able to allow connection on port 943 only from the VPN's ip range.
That could also help me putting several services through the VPN : chat , file sharing ..
I was wondering how to proceed on allowing access to certain ports from certain ip's.
Thanks.
Marius
Firewall rules for OpenVPN Access server
-
- OpenVpn Newbie
- Posts: 7
- Joined: Thu Dec 06, 2018 2:14 pm
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Firewall rules for OpenVPN Access server
Regarding bruteforcing, there's an automatic lockout in place. You should check this security recommendations page first though:
https://openvpn.net/vpn-server-resource ... tallation/
And to allow access only through VPN you can disable service forwarding for the admin web service and bind it to an internal only IP address. You'd need an interface on your Access Server that has such a private IP. You can a dummy adapter if you don't have it.
https://openvpn.net/vpn-server-resource ... tallation/
And to allow access only through VPN you can disable service forwarding for the admin web service and bind it to an internal only IP address. You'd need an interface on your Access Server that has such a private IP. You can a dummy adapter if you don't have it.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
-
- OpenVpn Newbie
- Posts: 7
- Joined: Thu Dec 06, 2018 2:14 pm
Re: Firewall rules for OpenVPN Access server
Hi,
Would you suggest installing my applications on the same server ? Because I will need to have other applications routed through the VPN.
Should I just use a dedicated server for OpenVPN and an other one as client for my applications ? Should I try to mess with the firewall?
Thanks for your reply.
Marius
Would you suggest installing my applications on the same server ? Because I will need to have other applications routed through the VPN.
Should I just use a dedicated server for OpenVPN and an other one as client for my applications ? Should I try to mess with the firewall?
Thanks for your reply.
Marius
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Firewall rules for OpenVPN Access server
I would suggest separating roles, so have a separate server for Access Server, and a separate server for your other applications.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Firewall rules for OpenVPN Access server
Oh and those can be virtual servers of course, otherwise things would get needlessly expensive for no good reason.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.