Koozali.org: home of the SME Server

VPN with just one directory accessible

Jáder
« on: May 16, 2017, 02:55:56 AM »
Hi,

I'd like to create a VPN (for sales people) and after VPN is connected the access should be granted for JUST one or two directories (let's call them the VPN_DIRs).

I'm sure I never saw restrictions about VPN access... so this is my question: can it be done?

Regards.

Jáder

Jean-Philippe Pialasse (aka Unnilennium)
« Reply #1 on: May 16, 2017, 03:44:49 AM »
Well,
you could achieve something close to that by:
- making those representatives members of a group that has access to only two ibays.
- configuring a routed OpenVPN for them without access to the LAN, except the server, hence only those two ibays.

Jáder
« Reply #2 on: May 16, 2017, 12:02:44 PM »
Hi Jean-Philippe

That solution appears to be nice. It would be acceptable.

I've been looking at https://wiki.contribs.org/OpenVPN but it:
1) appears to be written for SME7 and 8, not SME9
2) is hard to follow, with a lot of details.

DOUBT: I'm not sure WHERE the blocking feature is that allows access just to the server (not other things on the network). I've seen /24 masks (255.255.255.0), not /8 masks!

I'm using PPTP on this server (just for me and small company owner).
Do you think it's safe to try to enable OpenVPN on the server?

I have a pfSense on that network (and it supports OpenVPN): by chance, do you know if I could use pfSense for this?

DanB35
« Reply #3 on: May 16, 2017, 12:31:45 PM »
Quote
I've been looking at https://wiki.contribs.org/OpenVPN but it:
I think you want https://wiki.contribs.org/OpenVPN_Routed instead.

Quote
I'm using PPTP on this server (just for me and small company owner).
Please stop ASAP; PPTP is horribly insecure.

Quote
I have a pfSense on that network (and it supports OpenVPN): by chance, do you know if I could use pfSense for this?
I don't think you could use pfSense for this, as it's going to depend on how you authenticate to the SME Server.

Jean-Philippe Pialasse (aka Unnilennium)
« Reply #4 on: May 16, 2017, 01:43:42 PM »
Dan did show you the one I thought.

The OpenVPN bridge is available for SME 9 too. However, it will give access to the whole LAN as a base feature. Routed VPN will let you do as you want but requires more work to configure.

Jáder
« Reply #5 on: May 19, 2017, 02:58:34 PM »
I'm trying to install OpenVPN Routed following the wiki... I cannot get past the phpKI install.
When I try to access the phpKI /ca page on server-manager it asks for user authentication and I cannot use the same admin credentials! :(

I've installed the openvpn-routed rpm and skipped to the phpki install, no reboot yet because it's production time here. Later I'll try to reboot.
The wiki pages do not say to reboot (on phpki there is an option to issue some other commands).

Can someone help me? I'll update the wiki later.

Regards

Jáder

Jáder
« Reply #6 on: May 20, 2017, 02:18:31 AM »
OK, now it's night time ... geek playing time.

I've updated SME with latest updates and signal-events... after reboot phpKI web page works.

BUT
the wiki page says:
"
Using PHPki
If you are using the PHPki contrib to manage your certificates you need to do the following :
Create a new certificate for your OpenVPN server - make sure it is a VPN server only certificate.

Note:
Make sure you don't protect the private key with a password
"

And the phpKI page lists password as required field! :(

Daniel B.
« Reply #7 on: May 20, 2017, 01:27:43 PM »
Nope. You need to enter a password when you create the CA, but not when you issue a certificate.
It's the end of the world!!! :lol: