Hello:
This is my X problem:
1. Does OpenVPN check data integrity from the client?
For example: Server "push 192.168.100.0 255.255.255.0". But my SUPER-HACKER-FOO-BAR client will route all data, like "192.168.1.123", which I should not touch. Does the OpenVPN server check data to prevent this?
2. Does OpenVPN have an OSI layer 4 (TCP/UDP port) ACL feature internally?
I know I can write a script with --client-connect that can make the client static. With iptables I can make a solution. But I need to manually maintain a really, really, really complex iptables setup and pre-allocate addresses to all clients. Is there any approach to implement this with an internal feature? For example, what if OpenVPN would apply a filter to each connection:
Code:
# An imaginary client config generated by my --client-connect script
# If this is true, it will also solve problem 1
acl-table ALLOW 192.168.100.100 255.255.255.255 ANY
acl-table ALLOW 192.168.100.200 255.255.255.255 TCP ANY 8080
acl-table ALLOW 192.168.100.200 255.255.255.255 UDP ANY 8080
acl-table REJECT 0.0.0.0 0.0.0.0 ANY
To prevent an XY problem, here is my Y problem:
How to implement User/Group and Resource Binding?
Let's say my TPLINK router SSL VPN feature (or a Cisco router, which is the same):
1. Create resource objects (address + netmask + protocol + port if tcp/udp)
2. Create groups and users
3. Bind resources to groups
That product implements enforced client access permissions. Does any approach do this in OpenVPN?
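Added example, not part of the original post: a sketch of the --client-connect plus iptables approach the post mentions, generating a per-client chain from a resource/group/user binding so the rule set does not have to be maintained by hand. The policy tables, the user names, the `vpn_` chain prefix and the 10.8.0.6 address are constructed assumptions; `common_name` and `ifconfig_pool_remote_ip` are the environment variables OpenVPN passes to a --client-connect script.

```python
import ipaddress
import re
import shlex

# Constructed sample policy (hypothetical names): resources -> groups -> users.
RESOURCES = {
    "intranet": ("192.168.100.100/32", "any", None),
    "app-tcp": ("192.168.100.200/32", "tcp", 8080),
    "app-udp": ("192.168.100.200/32", "udp", 8080),
}
GROUPS = {"staff": ["intranet"], "dev": ["intranet", "app-tcp", "app-udp"]}
USERS = {"alice": ["dev"], "bob": ["staff"]}


def rules_for_client(common_name, vpn_ip, chain_prefix="vpn_"):
    """Return iptables commands (argv lists) for one connected client.

    common_name / vpn_ip correspond to OpenVPN's common_name and
    ifconfig_pool_remote_ip variables in a --client-connect script.
    """
    # The name becomes part of a chain name, so accept a strict pattern only.
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,20}", common_name):
        raise ValueError("unexpected common_name")
    src = str(ipaddress.ip_address(vpn_ip))  # raises ValueError if malformed
    chain = chain_prefix + common_name

    # Collect the user's resources through group membership, without repeats.
    names = []
    for group in USERS.get(common_name, []):
        for res in GROUPS[group]:
            if res not in names:
                names.append(res)

    rules = [["iptables", "-N", chain]]
    for name in names:
        dst, proto, port = RESOURCES[name]
        rule = ["iptables", "-A", chain, "-d", str(ipaddress.ip_network(dst))]
        if proto != "any":
            rule += ["-p", proto, "--dport", str(port)]
        rules.append(rule + ["-j", "ACCEPT"])
    # Default deny: anything not bound to the user's groups is rejected,
    # whatever routes the client installs on its own side.
    rules.append(["iptables", "-A", chain, "-j", "REJECT"])
    rules.append(["iptables", "-I", "FORWARD", "-s", src, "-j", chain])
    return rules


if __name__ == "__main__":
    for argv in rules_for_client("alice", "10.8.0.6"):
        print(shlex.join(argv))
```

A matching --client-disconnect script would need to remove the FORWARD jump and delete the chain again.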