vpn problem

root root at epsilon.rdc.pl
Mon Apr 11 12:47:01 CEST 2005

On Sat, Apr 09, 2005 at 06:18:39PM +0159, Nagy Zoltan wrote:
> I'm thinking about how I can set up a VPN on our LAN,
> and make it possible that not all systems are reachable by the connected VPN
> users,
> something like: user A has access to our data servers only, but user B
> can access the database and firewall servers.
> I'm thinking that if the clients can log in to the VPN gw server I
> could use a gid match to put the clients' IPs in a recent list,
> and I can use the recent lists to mark the packets and filter by that ;)
> I'm thinking that I've missed something... and there is a simpler
> solution ;)

Depends on the VPN technique.
I would just use different openvpn connections with different keys, so
the users cannot use "not their" connections. Then you can easily add
filter rules in the openvpn up-script.
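
An added example (not part of the list post) of the up-script approach suggested above: each user group gets its own openvpn instance with its own key and tun device, and the up script installs FORWARD rules that limit that tunnel to its group's servers. The script path, device names and server addresses are assumed.

```shell
#!/bin/sh
# Assumed OpenVPN hook in each instance's config: up /etc/openvpn/restrict-up.sh
# OpenVPN invokes it as: script tun_dev tun_mtu link_mtu local_ip remote_ip init|restart
# One openvpn instance (and key) per user group, so the tun device name
# identifies the group whose rules must be installed.

# Constructed policy: tun device -> servers that group is allowed to reach.
allowed_for_dev() {
    case "$1" in
        tun0) echo "10.0.1.10 10.0.1.11" ;;  # group A: data servers only
        tun1) echo "10.0.1.20 10.0.1.1" ;;   # group B: database and firewall
        *)    echo "" ;;                     # unknown device: nothing allowed
    esac
}

# Emit the iptables FORWARD rules for one tunnel, one command per line,
# without executing them (so the policy can be inspected and tested).
rules_for_dev() {
    dev="$1"
    # replies to connections the VPN client already opened
    echo "iptables -A FORWARD -o $dev -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for host in $(allowed_for_dev "$dev"); do
        echo "iptables -A FORWARD -i $dev -d $host -m conntrack --ctstate NEW -j ACCEPT"
    done
    # default deny: everything else entering from this tunnel is logged and dropped
    echo "iptables -A FORWARD -i $dev -j LOG --log-prefix \"vpn-$dev-denied: \""
    echo "iptables -A FORWARD -i $dev -j DROP"
}

# Apply the rules when run by OpenVPN; with DRY_RUN=1 they are only printed.
main() {
    dev="$1"
    [ -n "$dev" ] || { echo "usage: $0 tun_dev ..." >&2; return 1; }
    rules_for_dev "$dev" | while IFS= read -r rule; do
        if [ -n "$DRY_RUN" ]; then echo "$rule"; else sh -c "$rule"; fi
    done
}

# Run only when executed as the up script, not when sourced.
if [ "${0##*/}" = "restrict-up.sh" ]; then main "$@"; fi
```

Start one instance per group (for example `openvpn --config groupA.conf` with `dev tun0`) and keep the FORWARD chain's policy at DROP so a tunnel without rules reaches nothing.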
