If a user has SSH or GUI access they can do anything they want with
the box since AFAIK there is no conditional user access.

Consequently I'm not sure what's wrong with binding the OpenVPN
management interface to localhost and either telnetting from within an
SSH session or just running a shell script through the GUI.

However, in answer to your question, I can't see any issue with setting
up a firewall rule to block access to the port the interface is bound
to. Just seems more hassle than it's worth.

If my PHP were worth more than diddly squat I'd be tempted to write
something.

On 7 May 2008, at 16:47, "Curtis LaMasters"
<[EMAIL PROTECTED]> wrote:
Would it be possible to write a firewall rule to only allow specific
IP addresses inside to connect to the management interface on that
specific port? I know IPs can be spoofed but it would at least
lower some concern.
--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
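
An added example, not part of the thread: a small Python check of the `management` directive in an OpenVPN config, flagging a bind address that is not loopback and a missing password file. The sample configs, the port 7505 and the password file path are constructed for illustration.

```python
import ipaddress

# Constructed sample configs (not taken from the thread).
EXPOSED = """\
dev tun
management 0.0.0.0 7505
"""
LOCAL = """\
dev tun
# management interface kept on loopback, with a password file
management 127.0.0.1 7505 /var/etc/openvpn-mgmt.pw
"""


def audit_management(conf_text):
    """Return (line_no, finding) tuples for OpenVPN 'management' directives."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # comment or blank line
            continue
        parts = line.split()
        if parts[0] != "management" or len(parts) < 3:
            continue
        host, port = parts[1], parts[2]
        pw_file = parts[3] if len(parts) > 3 else None
        if port == "unix":                   # unix socket: file permissions apply
            continue
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:                   # hostname or keyword, not an IP literal
            loopback = host == "localhost"
        if not loopback:
            findings.append((no, f"bound to {host}:{port}; needs a firewall rule "
                                 "or a loopback bind"))
        if pw_file is None:
            findings.append((no, f"no password file set for {host}:{port}"))
    return findings


if __name__ == "__main__":
    for name, conf in (("EXPOSED", EXPOSED), ("LOCAL", LOCAL)):
        for no, msg in audit_management(conf) or [(0, "no findings")]:
            print(f"{name}: line {no}: {msg}")
```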