Score:0

How to restrict access to limited IP ranges in OpenVPN

I am deploying the OpenVPN community version.

After my clients connect, they can potentially route to services on my network that the OpenVPN server has routes to and can access itself.

How can I tell OpenVPN to only be able to access a portion of my network?

For example, if my OpenVPN server can access these networks: 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24

But I'd only like users on the VPN to access services on 192.168.1.0/24 only. How could I handle this?

I'm currently using UFW as well.

Thanks.

Score:2

> But I'd only like users on the VPN to access services on 192.168.1.0/24 only. How could I handle this?

Set up a firewall rule that blocks access from the OpenVPN clients' range to anything else. Depending on your topology, this firewall rule can be set on the OpenVPN machine or on another firewall in your system.

In general you should use firewalls to restrict traffic, not routes or similar.

sebastian:
I'm running UFW with iptables. I don't suppose you have suggestions/links on how to possibly get this done there? I'm new to VPN and a bit naive here.
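
One way to express the answer's firewall rule in UFW, as an added example that is not part of the original thread. It assumes the VPN interface is tun0 and the client pool is 10.8.0.0/24 (neither is stated in the thread), and the helper names `is_cidr` and `vpn_ufw_rules` are hypothetical.

```shell
#!/bin/sh
# Added example: emit UFW forwarding rules that confine VPN clients to the
# subnets they are allowed to reach. Nothing is applied until the output is run.
# Assumed values (not from the thread): interface tun0, client pool 10.8.0.0/24.

# Shape check only: dotted-quad IPv4 followed by a /0-32 prefix length.
is_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# vpn_ufw_rules IFACE VPN_CIDR ALLOWED_CIDR...
vpn_ufw_rules() {
    if [ "$#" -lt 3 ]; then
        echo "usage: vpn_ufw_rules IFACE VPN_CIDR ALLOWED_CIDR..." >&2
        return 2
    fi
    vpn_if=$1
    vpn_net=$2
    shift 2

    # Validate every argument before printing anything, so a typo can never
    # yield a partial rule set (for example the deny without the allow).
    for net in "$vpn_net" "$@"; do
        is_cidr "$net" || { echo "bad CIDR: $net" >&2; return 2; }
    done

    # UFW evaluates rules in order and the first match wins, so the allow
    # rules must be added before the catch-all deny for the VPN range.
    for net in "$@"; do
        echo "ufw route allow in on $vpn_if from $vpn_net to $net"
    done
    echo "ufw route deny in on $vpn_if from $vpn_net"
}

# Review the generated commands first:
#   vpn_ufw_rules tun0 10.8.0.0/24 192.168.1.0/24
# then apply them:
#   vpn_ufw_rules tun0 10.8.0.0/24 192.168.1.0/24 | sudo sh
```

`ufw route` rules cover only traffic forwarded through the VPN server; connections from clients to the server's own addresses are matched by ordinary `ufw allow`/`ufw deny` rules instead. Check the resulting order with `ufw status numbered`, since an earlier, broader forwarding allow would match first.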