[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] different settings for just 1 or 2 users

  • Subject: Re: [Openvpn-users] different settings for just 1 or 2 users
  • From: <nobledark@xxxxxxxxxxxx>
  • Date: Fri, 26 Oct 2007 10:22:53 -0400

Understood on that point - having "temp" users on my VPN system is 
new and I will be looking at what changes will need to be done to 
ensure the security in the next couple of days. That having been 
said, I need to implement this today so if you know how to do it 
with ccd directives or other, non-firewall methods I'd appreciate 
your insight.


On Fri, 26 Oct 2007 10:00:35 -0400 Leonardo Rodrigues Magalhães 
<leolistas@xxxxxxxxxxxxxx> wrote:
>No matter how many routes you publish on your config, people 
>connected to your network with OpenVPN will always have the 
>ability of 
>creating new routes through the tunnel.
>    So, even if you dont publish routes to your full network, 
>better guarantee, in firewall rules, that people will only have 
>access they really need.
>    Dont count on routes existing or not as a security 
>nobledark@xxxxxxxxxxxx escreveu:
>> Hi,
>> OpenVPN in routed mode - I need to apply a different set of 
>> for 1 or 2 users; they are temp contractors who should only have 
>> access to 2 IP addresses on a single subnet while the rest of 
>> have access to multiple systems on multiple routes. I saw in the 
>> HowTo a way to do it w/ the Linux firewall but I'm using an 
>> external firewall and not the firewall on the OpenVPN box.
>> Is there a way to do this w/ ccd? My first attempt locked my 
>> up until I could in to work this morning :(
>	Atenciosamente / Sincerily,
>	Leonardo Rodrigues
>	Solutti Tecnologia
>	http://www.solutti.com.br
>	Minha armadilha de SPAM, NÃO mandem email
>	gertrudes@xxxxxxxxxxxxxx
>	My SPAMTRAP, do not email it

Openvpn-users mailing list