OpenVPN Access Server (google) how to limit access to devices

Posted: Wed Feb 24, 2021 12:48 am
by jmarcum
I have a test account (OpenVPN Access Server in Google). I'm trying to figure out if it's possible to set it up such that certain clients can only access subnets behind specific devices in the VPN. Or conversely to block a client from accessing a subnet behind a specific device client.

At the moment my account is set up so that every client can access the subnets behind every other client.

Thanks in advance

Re: OpenVPN Access Server (google) how to limit access to devices

Posted: Wed Feb 24, 2021 8:45 am
by openvpn_inc
Hello,

OpenVPN Access Server is not really set up for access control in that direction. It is more geared towards providing VPN clients access to resources that are on the subnets that Access Server has direct access to - usually the ones in Google Cloud. But there is a solution. What you can do is chain Access Servers. Like have an Access Server set up on site A that delivers access to resources in site A, and have an Access Server set up in Google Cloud, and then install the OpenVPN client program on the Access Server in Google Cloud that connects to the Access Server in site A. Then the resources in site A become accessible to the Google Cloud Access Server as if it's just a private subnet on Google Cloud. You can then apply the usual access control methods in Access Server to give certain clients access to certain subnets.

OpenVPN Cloud can serve this use case too, but again, it would be a matter of deploying something that gives access to site A resources to OpenVPN Cloud, so access control rules can be applied on OpenVPN Cloud. It's actually pretty similar. But on Cloud it's called a connector.

Kind regards,
Johan