LinuxQuestions.org


caps_phisto 10-20-2006 02:06 PM

Restricting access to a specific port by MAC address
 
Here is my scenario:

I have one laptop that I wish to use OpenVPN with to another server. This laptop resides on a Wireless Network which gets SNAT'd to a wired network via IPtables and a Linux router. At the moment ANY laptop with OpenVPN can access the VPN server on the wired network.

I wish to restrict access to the OpenVPN port (I am using the default 1194 for simplicity) to the single MAC address of the one laptop I wish to use. How could this be done?

Thanks in advance

PS -
If that cannot be done, how about this solution.
Let's say I put an additional NIC in the Linux Router that goes to the same wired network. How could I set the above one laptop to use that NIC instead of the regular one? Thus at that point I could give the second NIC a different IP and set my OpenVPN server to only accept connections from the second NIC.

bulliver 10-20-2006 03:58 PM

I am not sure of a solution purely within OpenVPN, as I have not had the pleasure of using it yet. However, I do know that iptables can filter based on MAC address. You will need the MAC match extension enabled in your kernel. Also, do be aware that MAC addresses are trivially spoofed...
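
The iptables MAC match mentioned in the reply above, sketched as an added example that is not part of the original thread. It assumes the router's wireless-facing interface is `wlan0`, that OpenVPN runs over UDP (the thread only gives port 1194), and it uses a constructed MAC address; the function name `vpn_mac_rules` is hypothetical.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that let a single MAC
# address reach the OpenVPN port through the router, so they can be reviewed.
# wlan0, udp and the sample MAC are assumptions, not values from the thread.

# is_mac ADDR: succeed only for six colon-separated hex octets.
is_mac() {
    # Reject anything outside hex digits and colons first (newlines,
    # spaces, shell metacharacters), then check the exact shape.
    case $1 in *[!0-9A-Fa-f:]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# vpn_mac_rules MAC [IN_IFACE] [PORT] [PROTO]
vpn_mac_rules() {
    mac=$1 iface=${2:-wlan0} port=${3:-1194} proto=${4:-udp}
    if ! is_mac "$mac"; then
        echo "invalid MAC address: $mac" >&2
        return 1
    fi
    case $port in ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;; esac
    case $iface in ''|*[!A-Za-z0-9._-]*) echo "invalid interface: $iface" >&2; return 1 ;; esac
    case $proto in udp|tcp) ;; *) echo "invalid protocol: $proto" >&2; return 1 ;; esac

    # The mac match is valid only in PREROUTING, INPUT and FORWARD and sees
    # the Ethernet source address of the directly attached segment. On the
    # router that is the wireless side, before SNAT rewrites the source IP.
    # Inserted at positions 1 and 2 so that no earlier, broader ACCEPT for
    # the wireless interface is evaluated first.
    echo "iptables -I FORWARD 1 -i $iface -p $proto --dport $port -m mac --mac-source $mac -j ACCEPT"
    echo "iptables -I FORWARD 2 -i $iface -p $proto --dport $port -j DROP"
}

# Constructed sample: a locally administered MAC used purely for illustration.
vpn_mac_rules 02:00:00:00:00:01
```

Because the source MAC can be changed by the client, this filter only narrows who can reach the port; the OpenVPN certificate/key check discussed in the following replies is what actually authenticates the laptop.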

andrewdodsworth 10-23-2006 04:05 AM

Not sure I understand the problem - if you control the OpenVPN server and only want one laptop to access it then generating new keys for the server and client will secure it?

caps_phisto 10-23-2006 01:55 PM

Yes. Sorry. I was not familiar with OpenVPN's certificate/keys procedure when I posted it. The certs/key combinations are sufficient.

Thanks a lot!

