Welcome, Guest. Please login or register.
Did you miss your activation email?
Friday 10 July 2020, 05:20:35 pm

Login with username, password and session length

Get the new Updates directly from Endian  HERE
14010 Posts in 4270 Topics by 6109 Members
Latest Member: slavaby1970
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  Allow VPN user from specific real IP - Security Question
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Allow VPN user from specific real IP - Security Question  (Read 4165 times)
Sr. Member
Offline Offline

Gender: Female
Posts: 108

« on: Tuesday 08 May 2012, 07:27:23 pm »

I hope all EFW Adminstrators are doing well.
I have a security related question, if someone knows it. Can I allow a VPN user that can only connects with a designated Real IP (public IP) sitting in another branch connecting to the EFW2.5.1 ? Is it possible ? And how ?
I know that I can create a VPN Traffic Rule with IP/MAC for the tap network. So if the user (member of admin) knows how to setup openvpn client (also knows where to copy certificate & conf file) than the user can install client in any machine. Also if the user is intelligent than he/she can set the IP/MAC as same as branch machine (tap network) in home pc or anywhere.

Thank you
Hero Member
Offline Offline

Posts: 495

« Reply #1 on: Wednesday 09 May 2012, 12:26:51 am »

Except for the VPN firewall, as far as I know you can't directly assing an openvpnclient to a public IP.
Googling you get that. You must adapt it to Endian, might work.

If you also administer the remote site and nobody more can access EFW to retrieve the certificate, use a Site to Site OpenVPN.
Sr. Member
Offline Offline

Gender: Female
Posts: 108

« Reply #2 on: Wednesday 09 May 2012, 05:08:15 pm »

The site to site is good only for less branches but if the branches are more than 5 than its very hard to implement net-to-net. The link you provide me is excellent, I will do some test and I'll post the output if I succeeded and I'll also searching the easier ways to do it if possible...

Thank you so much mrkroket Smiley
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.037 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com