I have a test account (OpenVPN Access Server in Google). I'm trying to figure out if it's possible to set it up such that certain clients can only access subnets behind specific devices in the VPN. Or conversely to block a client from accessing a subnet behind a specific device client.
At the moment my account is set up so that every client can access the subnets behind every other client.
Thanks in advance
OpenVPN Access Server (google) how to limit access to devices
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Feb 23, 2021 10:48 pm
- openvpn_inc
- OpenVPN Inc.
- Posts: 1332
- Joined: Tue Feb 16, 2021 10:41 am
Re: OpenVPN Access Server (google) how to limit access to devices
Hello,
OpenVPN Access Server is not really set up for access control in that direction. It is more geared towards providing VPN clients access to resources that are on the subnets that Access Server has direct access to - usually the ones in Google Cloud. But there is a solution. What you can do is chain Access Servers. Like have an Access Server set up on site A that delivers access to resources in site A, and have an Access Server set up in Google Cloud, and then install the OpenVPN client program on the Access Server in Google Cloud that connects to the Access Server in site A. Then the resources in site A become accessible to the Google Cloud Access Server as if it's just a private subnet on Google Cloud. You can then apply the usual access control methods in Access Server to give certain clients access to certain subnets.
OpenVPN Cloud can serve this use case too, but again, it would be a matter of deploying something that gives access to site A resources to OpenVPN Cloud, so access control rules can be applied on OpenVPN Cloud. It's actually pretty similar. But on Cloud it's called a connector.
Kind regards,
Johan

Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support