LinuxQuestions.org


lucorlis 06-22-2011 12:35 PM

IPsec - tunnel restrictions and users
 
Hello all,

While I successfully configured an IPsec-VPN (I use a similar though modified setup like this: http://riobard.com/blog/2010-04-30-l...-ipsec-ubuntu/ ), I am now stuck on the next steps.

While I can connect to everything I want, I need to configure "access-groups" and/or "users".

The scenario is similar to this:
Let's say Host A, B and C allow SSH-Connections and some weird non-standard UDP-Connection from Host-VPN, and are also accessible on other ports with public IPs (like http).

I now want to restrict this so that an admin-user has access to all of them, while trainee-admin can only access everything on Host B and C, and CEO can only connect via telnet to Host C - and all users can be roadwarriors.

(I made this example up to give you an idea what I'm trying to do - hope it makes sense).

Now my question is, if someone can point me towards a direction, as I'm quite clueless at the current moment as to what to try. I know that commercial IPsec-Implementations can do this, but can OpenSWAN/... give me something similar?

lucorlis 06-22-2011 01:47 PM

Bummer, I was constantly looking at the wrong ends of it: IPsec, xl2tpd, Windows (just 'cause), but in the end I didn't fully check one thing: PPP.

Modifying the chap-secrets file I can assign a distinct local IP to each user. That of course can be used with iptables to restrict its access in any way I want.
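
The approach from the post above, worked through for the admin / trainee-admin / CEO scenario as an added example (not part of the original thread). The user names, the 10.9.0.x PPP addresses, the 192.0.2.x addresses for Hosts A, B and C, the `CHANGE_ME` secret and the function names are all constructed placeholders; the script only prints the chap-secrets lines and FORWARD rules, it does not apply them.

```shell
#!/bin/sh
# Constructed policy table. Fields: user  ppp_ip  dest_ip  proto  dport
# ("any" = not restricted). 192.0.2.1/.2/.3 stand in for Host A/B/C.
POLICY='admin   10.9.0.10 192.0.2.1 any any
admin   10.9.0.10 192.0.2.2 any any
admin   10.9.0.10 192.0.2.3 any any
trainee 10.9.0.11 192.0.2.2 any any
trainee 10.9.0.11 192.0.2.3 any any
ceo     10.9.0.12 192.0.2.3 tcp 23'

# One chap-secrets line per user: client  server  secret  IP-address.
# The fixed address in the fourth field is what the firewall rules key on.
chap_secrets() {
    printf '%s\n' "$POLICY" |
        awk '!seen[$1]++ { printf "%s * \"CHANGE_ME\" %s\n", $1, $2 }'
}

# FORWARD rules in iptables-restore syntax: allow only the listed flows
# arriving from any PPP interface, then drop everything else from the VPN.
fw_rules() {
    printf '%s\n' "$POLICY" | while read -r user ip dst proto port; do
        rule="-A FORWARD -i ppp+ -s $ip -d $dst"
        if [ "$proto" != any ]; then rule="$rule -p $proto"; fi
        if [ "$port" != any ]; then
            # --dport is only valid together with -p tcp/udp
            if [ "$proto" = any ]; then
                echo "policy error: $user has a port without a protocol" >&2
                continue
            fi
            rule="$rule --dport $port"
        fi
        printf '%s -j ACCEPT\n' "$rule"
    done
    echo "-A FORWARD -i ppp+ -j DROP"
}

echo "# lines for /etc/ppp/chap-secrets"; chap_secrets
echo "# FORWARD rules for the VPN gateway"; fw_rules
```

Because the rules match on source address, they only hold if a client cannot send traffic from another user's address; strict reverse-path filtering on the gateway (`net.ipv4.conf.all.rp_filter=1`) drops such packets.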


All times are GMT -5.