Is it possible to restrict access to the admin web UI to anything off VPN, while allowing it to be accessed to clients connected to VPN?
Running OpenVPN AS 2.8.5 in AWS.
Restrict Access to Admin Web UI - Except While On VPN
-
- OpenVpn Newbie
- Posts: 8
- Joined: Mon May 16, 2022 11:47 pm
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: Restrict Access to Admin Web UI - Except While On VPN
Hello TeleBrady,
I would advise you to go to the Network Settings section in the Admin web UI, and turn off the Admin Web Server forwarding option. This will let the client web UI be reachable on port TCP 443, while the admin web UI will only be reachable on port TCP 943 now.
You could now use a firewall to control access to the TCP 943 port. By default it's reachable from the Internet but you could make it not so. On AWS there is security group settings to control this. You could set it to be only reachable from certain IP addresses. You could also use iptables to control things but since Access Server relies on iptables itself you'd have to take care when doing this. You could configure things so that only people from the VPN could access it now.
Kind regards,
Johan
I would advise you to go to the Network Settings section in the Admin web UI, and turn off the Admin Web Server forwarding option. This will let the client web UI be reachable on port TCP 443, while the admin web UI will only be reachable on port TCP 943 now.
You could now use a firewall to control access to the TCP 943 port. By default it's reachable from the Internet but you could make it not so. On AWS there is security group settings to control this. You could set it to be only reachable from certain IP addresses. You could also use iptables to control things but since Access Server relies on iptables itself you'd have to take care when doing this. You could configure things so that only people from the VPN could access it now.
Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
-
- OpenVpn Newbie
- Posts: 8
- Joined: Mon May 16, 2022 11:47 pm
Re: Restrict Access to Admin Web UI - Except While On VPN
Perfect, thank you Johan, that was exactly what I needed.