All times are UTC
 Post subject: Multiple RWs with different access rights via BOT?
PostPosted: 16.03.2009 12:15 
DES

Joined: 16.03.2009 12:10
Posts: 2
Hello.
I have IPCOP 1.4.21 and zerina 0.9.7a14.

Currently 2 RWs and 1 Net2Net are configured.

Now my question: Is it possible to give the RWs different rights via BOT?

By default the server has the ovpn subnet 10.10.10.0/24. The RWs only have the certificate.
Now I would like, e.g., RW1 to be allowed to access all servers, but RW2 only one.

How can this be implemented via BOT? Can IP addresses be assigned to the individual RWs so that they can be regulated via BOT?


 Post subject: Re: Multiple RWs with different access rights via BOT?
PostPosted: 16.03.2009 13:44 
openvpn.eu Admin

Joined: 23.01.2006 08:05
Posts: 3321
Location: near Vienna
Yes, that works with per-client configurations:
Quote:
--ifconfig-push local remote-netmask
Push virtual IP endpoints for client tunnel, overriding the --ifconfig-pool dynamic allocation.

The parameters local and remote-netmask are set according to the --ifconfig directive which you want to execute on the client machine to configure the remote end of the tunnel. Note that the parameters local and remote-netmask are from the perspective of the client, not the server. They may be DNS names rather than IP addresses, in which case they will be resolved on the server at the time of client connection.

This option must be associated with a specific client instance, which means that it must be specified either in a client instance config file using --client-config-dir or dynamically generated using a --client-connect script.

Remember also to include a --route directive in the main OpenVPN config file which encloses local, so that the kernel will know to route it to the server's TUN/TAP interface.

Quote:
--client-config-dir dir
Specify a directory dir for custom client config files. After a connecting client has been authenticated, OpenVPN will look in this directory for a file having the same name as the client's X509 common name. If a matching file exists, it will be opened and parsed for client-specific configuration options. If no matching file is found, OpenVPN will instead try to open and parse a default file called "DEFAULT", which may be provided but is not required.

This file can specify a fixed IP address for a given client using --ifconfig-push, as well as fixed subnets owned by the client using --iroute.

One of the useful properties of this option is that it allows client configuration files to be conveniently created, edited, or removed while the server is live, without needing to restart the server.

The following options are legal in a client-specific context: --push, --push-reset, --iroute, --ifconfig-push, and --config.


http://openvpn.net/index.php/documentat ... tml#policy

_________________
regards,
note
Please take a look at our rules. Visit our wiki!


 Post subject: Re: Multiple RWs with different access rights via BOT?
PostPosted: 16.03.2009 14:51 
Profi

Joined: 23.10.2007 12:10
Posts: 2188
or by using the ./ccd folder
there you can always give each client the same (VPN IP) address.....

But... keep in mind: BOT hooks in at a different point!...
Theoretically ...and there it doesn't work so simply .. you can configure BOT for the devices "facing outward"... in practice, however, the OpenVPN server takes effect on the inside ...and the packets have also passed through a NAT......maybe something is doable via MAC ID..

F.
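
The per-client files described in the two replies above, as an added example that is not part of the original posts: a shell helper that writes one `ccd` file per certificate common name, each holding a fixed `ifconfig-push` pair. It assumes the 10.10.10.0/24 tunnel subnet from the question, OpenVPN's default net30 topology, and the constructed client names rw1 and rw2; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: tunnel subnet
# 10.10.10.0/24 (from the question), OpenVPN's default net30 topology,
# constructed common names "rw1" and "rw2".

PREFIX="10.10.10"   # first three octets of the tunnel subnet

# Print the ifconfig-push line for /30 slot $1 (1..63).
# Slot 0 (10.10.10.0/30) is refused: the server itself uses .1/.2.
# Within a slot the client gets the first host address and the server-side
# endpoint the second, i.e. last octets [5,6] [9,10] [13,14] ...
push_line() {
    case "$1" in ''|0*|???*|*[!0-9]*) return 1 ;; esac
    [ "$1" -le 63 ] || return 1
    base=$(( $1 * 4 ))
    echo "ifconfig-push $PREFIX.$(( base + 1 )) $PREFIX.$(( base + 2 ))"
}

# The ccd file name is the certificate's common name, so refuse anything
# that could leave the directory or overwrite the DEFAULT fallback file.
# (Restricting CNs to this character set is this example's own policy.)
valid_cn() {
    case "$1" in
        ''|.*|DEFAULT|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# write_ccd DIR CN SLOT: create DIR/CN containing the push line.
write_ccd() {
    valid_cn "$2" || { echo "bad common name: $2" >&2; return 1; }
    line=$(push_line "$3") || { echo "bad slot: $3" >&2; return 1; }
    printf '%s\n' "$line" > "$1/$2"
}

# Demo in a scratch directory; on a real server DIR is the directory
# named by --client-config-dir.
demo() {
    dir=$(mktemp -d) || return 1
    write_ccd "$dir" rw1 1 && write_ccd "$dir" rw2 2 || return 1
    for f in "$dir"/*; do echo "${f##*/}: $(cat "$f")"; done
    rm -rf "$dir"
}
demo
```

Firewall rules can then match on the pinned source addresses. Adding `--ccd-exclusive` to the server config makes OpenVPN reject any certificate that has no ccd file, so no client falls back to a dynamic pool address.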

