Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
Block access to webGUI in a specific VLAN
« previous
next »
Print
Pages: [
1
]
Author
Topic: Block access to webGUI in a specific VLAN (Read 3316 times)
Leviathan
Newbie
Posts: 28
Karma: 0
Block access to webGUI in a specific VLAN
«
on:
January 22, 2021, 06:56:54 pm »
Good evening!
I have a question to ask: in the company we have an external consultant who deals exclusively with the maintenance of the voip pbx, therefore in order to allow him to work I created a dedicated openVPN server that allows him to access exclusively the VLAN of the voip and the class of ip addresses assigned to both the switchboard and the telephones (192.168.5.0/24).
By doing so, it cannot ping or reach other VLANs or address classes.
It can reach the pbx webGUI but it can also reach the OPNSense webGUI, which is reachable at the default gateway address (192.168.5.1) of the vlan voip.
At the level of the openVPN certificate, administrative access to the webgui is clearly disabled, but I would like this page to be unreachable for that vpn server and its possible users.
I assume you can do a dedicated rule on the firewall, but I honestly have no idea how to block this.
Thanks in advance for the help.
Logged
A rainy day...
Greelan
Hero Member
Posts: 1028
Karma: 72
Re: Block access to webGUI in a specific VLAN
«
Reply #1 on:
January 22, 2021, 09:56:28 pm »
Create a rule to block the VPN IP from accessing the VLAN gateway on ports 80 and 443, and place it above the rule that allows the VPN IP to access the VLAN
Logged
Leviathan
Newbie
Posts: 28
Karma: 0
Re: Block access to webGUI in a specific VLAN
«
Reply #2 on:
January 22, 2021, 11:39:49 pm »
I need to put the rule under "Firewall - NAT - Portforward" or "Firewall - Rules - OpenVPN"?
Logged
A rainy day...
Greelan
Hero Member
Posts: 1028
Karma: 72
Re: Block access to webGUI in a specific VLAN
«
Reply #3 on:
January 22, 2021, 11:49:54 pm »
On the interface, so OpenVPN if that is yours
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
Block access to webGUI in a specific VLAN