Restrict Access to Admin Web UI - Except While On VPN

Posted: Mon May 16, 2022 11:52 pm
by TeleBrady
Is it possible to restrict access to the admin web UI from anything off VPN, while allowing it to be accessed by clients connected to VPN?

Running OpenVPN AS 2.8.5 in AWS.

Re: Restrict Access to Admin Web UI - Except While On VPN

Posted: Tue May 17, 2022 10:04 am
by openvpn_inc
Hello TeleBrady,

I would advise you to go to the Network Settings section in the Admin web UI, and turn off the Admin Web Server forwarding option. This will let the client web UI be reachable on port TCP 443, while the admin web UI will only be reachable on port TCP 943 now.

You could now use a firewall to control access to the TCP 943 port. By default it's reachable from the Internet but you could make it not so. On AWS there are security group settings to control this. You could set it to be only reachable from certain IP addresses. You could also use iptables to control things but since Access Server relies on iptables itself you'd have to take care when doing this. You could configure things so that only people from the VPN could access it now.

Kind regards,
Johan

Re: Restrict Access to Admin Web UI - Except While On VPN

Posted: Tue May 17, 2022 3:28 pm
by TeleBrady
Perfect, thank you Johan, that was exactly what I needed.