Restricting access to a specific port by MAC address
Here is my scenario:
I have one laptop that I wish to use OpenVPN with to another server. This laptop resides on a Wireless Network which gets SNAT'd to a wired network via iptables and a Linux router. At the moment ANY laptop with OpenVPN can access the VPN server on the wired network. I wish to restrict access to the OpenVPN port (I am using the default 1194 for simplicity) to the single MAC address of the one laptop I wish to use. How could this be done? Thanks in advance.

PS - If that cannot be done, how about this solution. Let's say I put an additional NIC in the Linux Router that goes to the same wired network. How could I set the above one laptop to use that NIC instead of the regular one? Thus at that point I could give the second NIC a different IP and set my OpenVPN server to only accept connections from the second NIC.
|
I am not sure of a solution purely within OpenVPN, as I have not had the pleasure of using it yet. However, I do know that iptables can filter based on MAC address. You will need the MAC match extension enabled in your kernel. Also, do be aware that MAC addresses are trivially spoofed...
|
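The MAC-based filter suggested in the reply above, as an added example that is not part of the original thread: a small script that validates the laptop's MAC and prints the `iptables` rules for the Linux router. The match has to run on the router's FORWARD chain because the VPN server only ever sees the router's own MAC after the routed/SNAT hop. The interface name `wlan0`, the server address `192.0.2.10` and the sample MAC are assumptions, and both UDP and TCP are covered because the thread does not say which one the server uses.

```shell
#!/bin/sh
# Added example: print iptables rules for the router that allow forwarding
# to the OpenVPN port only from one MAC on the wireless side.
# Assumed values (not from the thread): wlan0, 192.0.2.10, 00:11:22:33:44:55.

# Return 0 if $1 is a colon-separated 48-bit MAC address.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Arguments: laptop MAC, wireless-side interface, VPN server IP, [port].
# Prints one ACCEPT/DROP pair per protocol; returns 1 on bad input.
vpn_mac_rules() {
    mac=$1
    in_if=$2
    server=$3
    port=${4:-1194}
    is_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    for proto in udp tcp; do
        match="-i $in_if -d $server -p $proto --dport $port"
        # Rules are evaluated in order: the allowed laptop comes first,
        # then every other wireless client is dropped for this port.
        echo "iptables -A FORWARD $match -m mac --mac-source $mac -j ACCEPT"
        echo "iptables -A FORWARD $match -j DROP"
    done
}

# Constructed sample values; review the output before running it as root.
vpn_mac_rules 00:11:22:33:44:55 wlan0 192.0.2.10
```

The `mac` match only works in the PREROUTING, INPUT and FORWARD chains, and it inspects a field the client controls, so it narrows exposure of the port rather than authenticating the laptop.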
Not sure I understand the problem - if you control the OpenVPN server and only want one laptop to access it then generating new keys for the server and client will secure it?
|
Yes. Sorry. I was not familiar with OpenVPN's certificate/keys procedure when I posted it. The certs/key combinations are sufficient.
Thanks a lot!