Koozali.org: home of the SME Server
Obsolete Releases => SME 9.x Contribs => Topic started by: Jáder on May 16, 2017, 02:55:56 AM
-
Hi,
I'd like to create a VPN (for sales people) and after the VPN is connected, access should be granted to JUST one or two directories (let's call them the VPN_DIRs).
I'm sure I never saw restrictions about VPN access... so this is my question: can it be done?
Regards.
Jáder
-
Well,
you could achieve something close to that by
- making those representatives members of a group that only has access to two ibays.
- configuring a routed OpenVPN for them without access to the LAN, except the server, hence only those two ibays.
-
Hi Jean-Philippe
That solution appears to be nice. It would be acceptable.
I've been looking at https://wiki.contribs.org/OpenVPN but it:
1) appears to be written for SME7 and 8, not SME9
2) is hard to follow, with a lot of details.
DOUBT: I'm not sure WHERE the blocking feature is that allows access just to the server (not other things on the network). I've seen /24 masks (255.255.255.0), not /8 masks!
I'm using PPTP on this server (just for me and the small company owner).
Do you think it's safe to try to enable OpenVPN on the server?
I have a pfSense on that network (and it supports OpenVPN): by chance, do you know if I could use pfSense for this?
-
> I've been looking at https://wiki.contribs.org/OpenVPN but it:

I think you want https://wiki.contribs.org/OpenVPN_Routed instead.

> I'm using PPTP on this server (just for me and the small company owner).

Please stop ASAP; PPTP is horribly insecure.

> I have a pfSense on that network (and it supports OpenVPN): by chance, do you know if I could use pfSense for this?

I don't think you could use pfSense for this, as it's going to depend on how you authenticate to the SME Server.
-
Dan did show you the one I thought of.
The OpenVPN bridge is available for SME 9 too. However, it will give access to the whole LAN as a base feature. Routed VPN will let you do as you want but requires more work to configure.
-
I'm trying to install OpenVPN Routed following the wiki... I cannot get past the phpKI install.
When I try to access the phpKI /ca page on server-manager it asks for user authentication and I cannot use the same admin credentials! :(
I've installed the openvpn-routed rpm and skipped to the phpki install, no reboot yet because it's production time here. Later I'll try to reboot.
The wiki pages do not say to reboot (on phpki there is an option to issue some other commands).
Can someone help me, and I'll update the wiki later?
Regards
Jáder
-
OK, now it's night time ... geek playing time.
I've updated SME with latest updates and signal-events... after reboot phpKI web page works.
BUT
the wiki page says:
"
Using PHPki
If you are using the PHPki contrib to manage your certificates you need to do the following :
Create a new certificate for your OpenVPN server - make sure it is a VPN server only certificate.
Note:
Make sure you don't protect the private key with a password
"
And the phpKI page lists password as a required field! :(
-
Nope. You need to enter a password when you create the CA, but not when you issue a certificate.