Andre Kolodochka wrote:

Hi sluggers,

We have OpenVPN server running internally for employees to access our
network from home. We have a request from a potential client to access
some internal demo systems. They are happy to install and use the OpenVPN
client; however, I won't be happy giving them full access to our
network.

Hence the question. Is it possible to restrict access for certain
users to only a specific set of IP addresses? So everyone except this
client will be able to use VPN to access everything on the network as
usual and the potential client will be able to access only boxes on those
specific IP addresses?

What you should be able to do is configure OpenVPN to always assign the
client the same IP address (I believe that is documented in the OpenVPN
sample conf file), then you could use iptables to restrict that client
IP address access to the network...

Fil
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
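
The approach suggested in the reply, sketched as an added example that is not part of the original thread: a per-client `ifconfig-push` entry pins the VPN address, and a dedicated iptables chain limits what that address may reach. The client name, addresses, `tun0`, the `VPN_DEMO` chain name and the use of `topology subnet` with `client-config-dir ccd` in the server config are all assumptions.

```shell
#!/bin/sh
# Added example; every value below is a constructed placeholder.
CLIENT_CN="demo-client"                    # assumed certificate common name
CLIENT_IP="10.8.0.50"                      # assumed fixed VPN address
VPN_MASK="255.255.255.0"                   # assumes "topology subnet"
VPN_IF="tun0"                              # assumed tunnel interface
ALLOWED_HOSTS="192.168.1.20 192.168.1.21"  # assumed demo systems

# Accept only plain dotted-quad addresses, so a typo or a CIDR such as
# 0.0.0.0/0 cannot silently turn into a broad ACCEPT rule.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Contents of ccd/<CLIENT_CN> on the server (server config is assumed to
# contain "client-config-dir ccd").
ccd_entry() {
    echo "ifconfig-push $CLIENT_IP $VPN_MASK"
}

# Prints the iptables commands for review instead of running them.
# FORWARD covers routed traffic only; services on the VPN server itself
# need matching INPUT rules.
firewall_rules() {
    is_ipv4 "$CLIENT_IP" || { echo "bad client IP: $CLIENT_IP" >&2; return 1; }
    echo "iptables -N VPN_DEMO"
    for host in $ALLOWED_HOSTS; do
        is_ipv4 "$host" || { echo "bad host: $host" >&2; return 1; }
        echo "iptables -A VPN_DEMO -d $host -j ACCEPT"
    done
    echo "iptables -A VPN_DEMO -j DROP"
    # Inserted first so it is evaluated before any general rule that
    # lets employee VPN traffic through.
    echo "iptables -I FORWARD 1 -i $VPN_IF -s $CLIENT_IP -j VPN_DEMO"
}

echo "# ccd/$CLIENT_CN"
ccd_entry
echo "# firewall commands"
firewall_rules
```

Other VPN users are untouched because only packets sourced from the pinned address enter the `VPN_DEMO` chain.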