IP-Based Access Restriction in Access Server
Set up IP-based authentication restrictions for your Access Server instance to further strengthen your OpenVPN server security.
Access Server’s post-authentication script (PAS) supports restricting VPN access based on the client’s source IP address. Using a Python 3 post-auth script, administrators can define rules that allow or deny connections based on the IP address of the connecting user.
This capability can be used to:
Restrict access to specific trusted IP addresses or networks.
Enforce geographic or office-based login policies.
Prevent logins from unauthorized or unexpected locations.
IP-based restrictions are evaluated during the post-authentication hook, before the VPN session is fully established. If the client’s IP address does not meet the defined criteria, the connection is denied.
Warning
IP-based access restriction is implemented through a custom post-authentication script. Administrators are responsible for properly maintaining and testing the script logic. Incorrect or overly restrictive rules may unintentionally block legitimate users from connecting.
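One way to write the allow/deny decision described above as a pure function that can be tested before it goes into a post-auth script. This is an added example, not OpenVPN's script and not code from this page. The policy layout, the function names and the addresses (documentation ranges) are assumptions, and wiring the result into the Access Server post-auth hook is not shown.

```python
import ipaddress

# Constructed sample policy (documentation ranges, not real networks).
# A per-user entry overrides the default list; all names are hypothetical.
POLICY = {
    "default": ["203.0.113.0/24", "2001:db8:10::/48"],
    "users": {
        "alice": ["198.51.100.7/32"],
        "contractor": [],  # empty list: no source address is accepted
    },
}


def _normalize(addr_text):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4."""
    addr = ipaddress.ip_address(addr_text.strip())
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def check_source_ip(username, client_ip, policy=POLICY):
    """Return (allowed, reason). Any parsing problem denies (fail closed)."""
    try:
        addr = _normalize(client_ip)
    except (ValueError, AttributeError):
        return False, "unparseable client address"
    rules = policy["users"].get(username, policy["default"])
    for cidr in rules:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            continue  # a malformed rule never widens access
        if addr.version == net.version and addr in net:
            return True, f"matched {net}"
    return False, f"{addr} not in allowed networks for {username}"


if __name__ == "__main__":
    # Dry run of the rules against constructed test connections.
    for user, ip in [("bob", "203.0.113.45"), ("alice", "203.0.113.45"),
                     ("bob", "::ffff:203.0.113.45"), ("bob", "not-an-ip")]:
        print(user, ip, check_source_ip(user, ip))
```

Running a table of expected allow and deny cases like this against every rule change catches an overly restrictive rule before it locks out legitimate users.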