pfsense:vpn:openvpn:timed_access_for_openvpn

Differences

This shows you the differences between two versions of the page.

pfsense:vpn:openvpn:timed_access_for_openvpn [2021/02/19 10:23] peterpfsense:vpn:openvpn:timed_access_for_openvpn [2021/02/19 10:41] (current) – [Create Firewall Rules] peter
Line 9: Line 9:
 To allow access of our users only in specific time intervals it is necessary to create a schedule: To allow access of our users only in specific time intervals it is necessary to create a schedule:
  
-  * Navigate to **Firewall -> Schedules**. +Navigate to **Firewall -> Schedules**. 
-  Click the **Add** button. + 
-  In **Schedule Name** give a name to the schedule. +Click the **Add** button. 
-  * Select the month to apply it to. + 
-  * Select the days on the calendar. +In **Schedule Information**: 
-  * Select the time range and click on **Add Time**+ 
-  * Repeat the procedure to add another time / date range to be assigned to this schedule+  * Schedule Name:  **OpenVPN_Allowed**.  Give a name to the schedule. 
-  * All created ranges will be displayed under **Configured Ranges**.+  * Description:  **OpenVPN Allowed Access**.  Provide a useful description. 
 +  * Month:  **Select the month to apply it to**
 +  * Date:  **Select the days on the calendar to apply**
 +  * Time:  ** Select the time range to apply**
 +  * Click **Add Time**.
  
 {{:pfsense:vpn:openvpn:pfsense_-_firewall_-_schedules_-_openvpn.png?800|}} {{:pfsense:vpn:openvpn:pfsense_-_firewall_-_schedules_-_openvpn.png?800|}}
 +
 +<WRAP info>
 +**NOTE:**  Repeat the procedure to add additional date/time ranges to this schedule.
 +
 +All created ranges will be displayed under **Configured Ranges**.
 +
 +</WRAP>
  
 ---- ----
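Review bot: In the new Schedule Information list, the Month, Date and Time items put the instruction itself in bold ("**Select the month to apply it to**"), while Schedule Name and Description put an example value in bold (**OpenVPN_Allowed**), so a reader cannot tell a value to enter from a direction to follow. Use one convention throughout, ideally a concrete example range for Month, Date and Time, as was done for the name. The Time item also has a stray space after the opening bold marker ("** Select the time range to apply**"), and "Click **Add Time**" is an action rather than a field, so it reads better as its own step below the list, like "Click the **Add** button" above it.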
Line 35: Line 46:
 In the configuration screen that will appear, it will be sufficient to configure only 2 items: In the configuration screen that will appear, it will be sufficient to configure only 2 items:
  
 +  * Server List:  **Select the OpenVPN Server to associate this with**.
   * Common Name:  **The name of the VPN user**.   * Common Name:  **The name of the VPN user**.
-  * Advanced:  Insert the following string **ifconfig-push [IP_TUNNEL] [NETMASK]**. +  * Advanced:  <code>ifconfig-push 10.20.30.69 255.255.255.0</code>
-    * Where IP_TUNNEL will be the IP address of the tunnel that we would like to be assigned to the user. +
-    * Example:  ifconfig-push 10.20.30.69 255.255.255.0+
  
 <WRAP info> <WRAP info>
 **NOTE:**  See:  [[PFSense:VPN:OpenVPN:Assign a fixed IP to a remote client|Assign a fixed IP to a remote client]]. **NOTE:**  See:  [[PFSense:VPN:OpenVPN:Assign a fixed IP to a remote client|Assign a fixed IP to a remote client]].
 +
 +The format for the **Advanced entry** is:  **ifconfig-push [IP_TUNNEL] [NETMASK]**, where:
 +
 +    * **IP_TUNNEL**:  will be the IP address of the tunnel that we would like to be assigned to the user.
 +    * **NETMASK**:  The network mask to apply. 
  
 Repeat the procedure for each user to be managed. Repeat the procedure for each user to be managed.
 +
 </WRAP> </WRAP>
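Review bot: The Advanced item now carries only the literal "ifconfig-push 10.20.30.69 255.255.255.0" with nothing marking it as an example, while the note still ends with "Repeat the procedure for each user to be managed". A reader who copies that line for every user gives them all the same tunnel address, and the firewall rule further down identifies the user by source 10.20.30.69. Label the value as an example in the bullet itself and state that each Common Name needs its own IP_TUNNEL. The format explanation also now sits inside the NOTE after the "See:" link, away from the field it explains, and the two new items are worded inconsistently ("will be the IP address ..." against "The network mask to apply"); the NETMASK item should say which mask is meant.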
  
Line 53: Line 69:
 Navigate to **Firewall -> Rules**. Navigate to **Firewall -> Rules**.
  
-  * Select the **OpenVPN** interface. +Select the **OpenVPN** interface. 
-  Click **Add** button to create a new rule to be placed at the top.+ 
 +Click **Add** button to create a new rule to be placed at the top. 
   * Action:  **Pass**.   * Action:  **Pass**.
   * Interface:  **OpenVPN**.   * Interface:  **OpenVPN**.
Line 61: Line 79:
   * Source:  **Single host or alias** **10.20.30.69**.  This is the IP address belonging to the VPN Tunnel network defined previously and assigned to the user concerned.   * Source:  **Single host or alias** **10.20.30.69**.  This is the IP address belonging to the VPN Tunnel network defined previously and assigned to the user concerned.
   * Destination:  **Single host or alias** **192.168.1.123**.  The IP address of the server to which we want to restrict the user’s connection.   * Destination:  **Single host or alias** **192.168.1.123**.  The IP address of the server to which we want to restrict the user’s connection.
 + 
   * Advanced Options: In the Schedule, Select the Schedule created previously.   * Advanced Options: In the Schedule, Select the Schedule created previously.
  
- +<WRAP info>
 **NOTE:**  This allows a user who connects to the VPN with the IP address of the Tunnel 10.20.30.69 to access only the server 192.168.1.123 during the time range established in the scheduling. **NOTE:**  This allows a user who connects to the VPN with the IP address of the Tunnel 10.20.30.69 to access only the server 192.168.1.123 during the time range established in the scheduling.
  
 Repeat the procedure for each user to whom you want to grant access to the server at a certain time range. Repeat the procedure for each user to whom you want to grant access to the server at a certain time range.
 +</WRAP>
 +
 +----
  
 To prevent the user from accessing other devices on the network, an additional rule that blocks access to everything should be placed UNDER the previously created access rules and associated with it. To prevent the user from accessing other devices on the network, an additional rule that blocks access to everything should be placed UNDER the previously created access rules and associated with it.
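Review bot: The NOTE now wrapped in <WRAP info> says the user can "access only the server 192.168.1.123", but that holds only once the block rule from the last paragraph exists, and the added "----" separates that paragraph from the rule procedure it completes. Move the block-rule paragraph above the separator (or into the same section as the pass rule) and list its fields in the same bullet form as the pass rule, so the restriction is not left half-configured by a reader who stops at the note. Two smaller points in the same hunk: the added blank line before "Advanced Options" splits that item off from the rest of the rule's list, and the item could name the schedule (**OpenVPN_Allowed**) instead of "the Schedule created previously".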
pfsense/vpn/openvpn/timed_access_for_openvpn.1613730195.txt.gz · Last modified: 2021/02/19 10:23 by peter
