A. On Wed, 2008-01-30 at 10:47 +1100, [EMAIL PROTECTED] wrote: > Hi sluggers, > > We have OpenVPN server running internally for employees to > access our > network from home. We have a request from a potential client > to access > some internal demo systems. They are happy to install and use > OpenVPN > client, however I won't be happy giving them the full access > to our > network. > > Hence the question. Is it possible to restrict access for > certain > users only to specific set of IP addresses? So everyone except > this > client will be able to use VPN to access everything on the > network as > usual and potential client will be able to access only boxes > on those > specific IP addresses? > > Thanks in advance,
This is quite tricky, not easily answered: 1) openvpn hands out dhcp addresses, not the same one to the same client So you want your employees to access your local network when they get given address 1-to-n, but your customer to not access the network when he gets given 1-to-n. I can concieve of virtual hosts based on port number and an adsl router ... Multiple openvpn sessions based on port numbers ... Saying 'sorry too hard' ... Trusting your customer ... or else what are you doing playing with matches anyway Use a pptp vpn from your 'demo setup' to the customer. You don't care about his security. Cheers James -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
