Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
2 IPsec VPNs on one OPENsense with different access to local machines
« previous
next »
Print
Pages: [
1
]
Author
Topic: 2 IPsec VPNs on one OPENsense with different access to local machines (Read 1283 times)
atoll
Newbie
Posts: 10
Karma: 0
2 IPsec VPNs on one OPENsense with different access to local machines
«
on:
February 24, 2022, 05:09:01 pm »
Hi,
I‘m running an OPENsense 22.1 gateway that provides 2 VPN endpoints:
#1. IKEv2, EAP-MSCHAP, FreeRadius for my road warriors
#2. IKEv1, PSK, Site-to-Site for access to a Windows Remote Desktop Machine and it‘s ability to scan and print back into my local network.
ATM, my firewall rule is simple: Everything in my local Network is accessible from anybody who is allowed to access the VPNs. That was a good solution, as long as I only had VPN #1.
For VPN #2, I‘d like to restrict the access to an IP range of 10.10.0.18 - 10.10.0.35 -> this is my local fixed range for my printers and scanners.
The OPENsense has a fixed external IP address that also resolves into a FQDN.
The remote endpoint gateway for VPN #2 has a fixed IP that also resolves into a FQDN.
Would it be sufficient to build a firewall rule and place it first into the parse order that declares the following:
„All traffic coming from the Interface IPsec with origins from [fixed IP of VPN #2 remote endpoint] can access local network from 10.10.0.18 - 10.10.0.35“?
Is that possible/clever/simple?
Options?
In if advised: How exactly would that look like?
Thanks!
-cg-
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
2 IPsec VPNs on one OPENsense with different access to local machines