Wiki

User Tools

Site Tools

Trace:
pfsense:vpn:openvpn:timed_access_for_openvpn

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
pfsense:vpn:openvpn:timed_access_for_openvpn [2021/02/19 10:30] peterpfsense:vpn:openvpn:timed_access_for_openvpn [2021/02/19 10:41] (current) – [Create Firewall Rules] peter
Line 21: Line 21:
   * Time:  ** Select the time range to apply**.   * Time:  ** Select the time range to apply**.
   * Click **Add Time**.   * Click **Add Time**.
-  * Repeat the procedure to add another time / date range to be assigned to this schedule. 
-  * All created ranges will be displayed under **Configured Ranges**. 
  
 {{:pfsense:vpn:openvpn:pfsense_-_firewall_-_schedules_-_openvpn.png?800|}} {{:pfsense:vpn:openvpn:pfsense_-_firewall_-_schedules_-_openvpn.png?800|}}
 +
 +<WRAP info>
 +**NOTE:**  Repeat the procedure to add additional date/time ranges to this schedule.
 +
 +All created ranges will be displayed under **Configured Ranges**.
 +
 +</WRAP>
  
 ---- ----
Line 41: Line 46:
 In the configuration screen that will appear, it will be sufficient to configure only 2 items: In the configuration screen that will appear, it will be sufficient to configure only 2 items:
  
 +  * Server List:  **Select the OpenVPN Server to associate this with**.
   * Common Name:  **The name of the VPN user**.   * Common Name:  **The name of the VPN user**.
-  * Advanced:  Insert the following string **ifconfig-push [IP_TUNNEL] [NETMASK]**. +  * Advanced:  <code>ifconfig-push 10.20.30.69 255.255.255.0</code>
-    * Where IP_TUNNEL will be the IP address of the tunnel that we would like to be assigned to the user. +
-    * Example:  ifconfig-push 10.20.30.69 255.255.255.0+
  
 <WRAP info> <WRAP info>
 **NOTE:**  See:  [[PFSense:VPN:OpenVPN:Assign a fixed IP to a remote client|Assign a fixed IP to a remote client]]. **NOTE:**  See:  [[PFSense:VPN:OpenVPN:Assign a fixed IP to a remote client|Assign a fixed IP to a remote client]].
 +
 +The format for the **Advanced entry** is:  **ifconfig-push [IP_TUNNEL] [NETMASK]**, where:
 +
 +    * **IP_TUNNEL**:  will be the IP address of the tunnel that we would like to be assigned to the user.
 +    * **NETMASK**:  The network mask to apply. 
  
 Repeat the procedure for each user to be managed. Repeat the procedure for each user to be managed.
 +
 </WRAP> </WRAP>
  
Line 59: Line 69:
 Navigate to **Firewall -> Rules**. Navigate to **Firewall -> Rules**.
  
-  * Select the **OpenVPN** interface. +Select the **OpenVPN** interface. 
-  Click **Add** button to create a new rule to be placed at the top.+ 
 +Click **Add** button to create a new rule to be placed at the top. 
   * Action:  **Pass**.   * Action:  **Pass**.
   * Interface:  **OpenVPN**.   * Interface:  **OpenVPN**.
Line 67: Line 79:
   * Source:  **Single host or alias** **10.20.30.69**.  This is the IP address belonging to the VPN Tunnel network defined previously and assigned to the user concerned.   * Source:  **Single host or alias** **10.20.30.69**.  This is the IP address belonging to the VPN Tunnel network defined previously and assigned to the user concerned.
   * Destination:  **Single host or alias** **192.168.1.123**.  The IP address of the server to which we want to restrict the user’s connection.   * Destination:  **Single host or alias** **192.168.1.123**.  The IP address of the server to which we want to restrict the user’s connection.
 + 
   * Advanced Options: In the Schedule, Select the Schedule created previously.   * Advanced Options: In the Schedule, Select the Schedule created previously.
  
- +<WRAP info>
 **NOTE:**  This allows a user who connects to the VPN with the IP address of the Tunnel 10.20.30.69 to access only the server 192.168.1.123 during the time range established in the scheduling. **NOTE:**  This allows a user who connects to the VPN with the IP address of the Tunnel 10.20.30.69 to access only the server 192.168.1.123 during the time range established in the scheduling.
  
 Repeat the procedure for each user to whom you want to grant access to the server at a certain time range. Repeat the procedure for each user to whom you want to grant access to the server at a certain time range.
 +</WRAP>
 +
 +----
  
 To prevent the user from accessing other devices on the network, an additional rule that blocks access to everything should be placed UNDER the previously created access rules and associated with it. To prevent the user from accessing other devices on the network, an additional rule that blocks access to everything should be placed UNDER the previously created access rules and associated with it.
pfsense/vpn/openvpn/timed_access_for_openvpn.1613730639.txt.gz · Last modified: 2021/02/19 10:30 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki