Allow Access From specific IP

Posted: Mon Aug 28, 2023 9:46 pm
by SpeedMonster
Hi there!

Is there a way to configure Access Server "Allow Access From" a specific IP?
I don't need to allow any client-to-client access. There must be a specific IP permitted to access clients, and not vice versa.
Thanks!

Re: Allow Access From specific IP

Posted: Tue Aug 29, 2023 5:46 am
by openvpn_inc
Hello,

Access is done from the point of view of VPN clients. So if for example you have a system in your internal network at 192.168.70.123 and you want that system to be able to access a particular VPN client, then give the VPN client routing access to 192.168.70.123 and then two-way communication between this VPN client and that 192.168.70.123 IP address is now possible. So now 192.168.70.123 can access that VPN client.

If this isn't what you want then consider diving into iptables rules to add your own custom restrictions.

Kind regards,
Johan

Re: Allow Access From specific IP

Posted: Tue Aug 29, 2023 8:15 am
by SpeedMonster
Hi Johan!

I have a static IP for the Administrator within the VPN network (e.g. it's 172.27.232.2), and the rest of the IPs are clients that the Administrator needs to connect to (172.27.232.3, 172.27.232.4 and so on). The real network IPs (not VPN) behind the Administrator and Clients can always be different; I can't explicitly route using exact IP addresses.

Can you post an exact example of the command I need to include in the Client config so that 172.27.232.2 could access 172.27.232.3 and 172.27.232.4, but those clients wouldn't be able to access each other's networks?
I know the exact ports I need to access on the Clients' side, so it's possible to limit this parameter, let's say to ports 443, 80, 1500.

What I need in User Permissions is to set "Allow Access From" for a particular IP (in my case 172.27.232.2).
In this case 172.27.232.3:443 would route to the client's real IP and corresponding port (e.g. 192.168.0.3:443). That's the scenario I need to realize.
Thanks!
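
One way to express the scenario in this thread with the iptables approach suggested earlier, as an added example that is not from either poster or from OpenVPN: a generator that validates its inputs and prints a rule set in which only the admin VPN IP may open connections to other VPN clients on the listed ports. The chain name `VPN_ADMIN_ONLY`, the `/24` mask, TCP for all three ports, and client-to-client packets traversing the server's `FORWARD` chain are assumptions.

```bash
#!/usr/bin/env bash
# Added example: prints iptables commands for review; it does not apply them.
# Assumptions: CHAIN is a hypothetical name, the VPN subnet mask is a guess,
# all listed ports are TCP, and client-to-client packets are routed through
# the server's FORWARD chain.
CHAIN="VPN_ADMIN_ONLY"

# Accept a dotted-quad IPv4 address with an optional /0../32 prefix.
valid_ipv4() {
  local addr=${1%%/*} o
  if [[ $1 == */* ]]; then
    [[ ${1#*/} =~ ^([0-9]|[12][0-9]|3[0-2])$ ]] || return 1
  fi
  [[ $addr =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || return 1
  local IFS=.
  for o in $addr; do (( 10#$o <= 255 )) || return 1; done
}

# gen_rules ADMIN_IP VPN_NET PORT[,PORT...]
gen_rules() {
  local admin=$1 net=$2 ports=$3 p
  { valid_ipv4 "$admin" && [[ $admin != */* ]]; } ||
    { echo "bad admin IP: $admin" >&2; return 1; }
  valid_ipv4 "$net" || { echo "bad VPN network: $net" >&2; return 1; }
  [[ $ports =~ ^[0-9]{1,5}(,[0-9]{1,5})*$ ]] ||
    { echo "bad port list: $ports" >&2; return 1; }
  local IFS=,
  for p in $ports; do
    (( 10#$p >= 1 && 10#$p <= 65535 )) || { echo "bad port: $p" >&2; return 1; }
  done
  # Replies to admin-initiated flows pass; only the admin may start new ones;
  # everything else between VPN addresses is dropped. The jump is added last
  # so the chain is complete before traffic reaches it.
  cat <<EOF
iptables -N $CHAIN
iptables -A $CHAIN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A $CHAIN -s $admin -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT
iptables -A $CHAIN -j DROP
iptables -I FORWARD 1 -s $net -d $net -j $CHAIN
EOF
}

# Values from the thread; the /24 mask is an assumption.
gen_rules 172.27.232.2 172.27.232.0/24 443,80,1500
```

Review the printed rules against the rules Access Server itself installs before applying them, and confirm they are still in place after a service restart.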