[EMAIL PROTECTED] wrote:
Quoting Andre Kolodochka <[EMAIL PROTECTED]>:

Hi sluggers,

We have OpenVPN server running internally for employees to access our
network from home. We have a request from a potential client to access
some internal demo systems. They are happy to install and use OpenVPN
client, however I won't be happy giving them the full access to our
network.

Hence the question. Is it possible to restrict access for certain
users to only a specific set of IP addresses? So everyone except this
client will be able to use the VPN to access everything on the network as
usual, and the potential client will be able to access only the boxes on those
specific IP addresses?

I'm interested in achieving exactly that also within our project.

The situation that we have is that our remote support people want to access the server and then go out to individual (possibly Windows) workstations on the network.

They can do that at the moment by opening VNC on the server and using the remote desktop client to go to the client machines. That is not ideal, but it does work.

It would be really handy to be able to run some sort of script on the server to allow this to happen easily.

It's really good to hear that there is actually so much expertise in this area on the mailing list.

I am myself trying to come up with an easy GUI interface, maybe in Python, just to select all the hosts that would be available in the remote site. Click one and open access.

So I am interested in what others are doing here...


You could simply use a web page that is dynamically updated (if needed) with info as to what machines are available on the network. Clicking on links could then open a VNC connection using the Java applet that VNC comes with. This way, remote staff VPN in to the network - get access to the intranet page with all machines listed (maybe with some sort of authentication) and simply click to open a VNC session to that machine. Without giving it much thought, there are likely to be security issues though.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
