Old 10-20-2006, 02:06 PM   #1
Registered: Sep 2004
Location: NH
Distribution: FC6, FC1-4, RH9, Gentoo 2006.0/1, Slackware 10.1/2,11, Vector SOHO 5.0.1
Posts: 237

Rep: Reputation: 30
Restricting access to a specific port by MAC address

Here is my scenario:

I have one laptop that I wish to use OpenVPN with to another server. This laptop resides on a Wireless Network which gets SNAT'd to a wired network via IPtables and a Linux router. At the moment ANY laptop with OpenVPN can access the VPN server on the wired network.

I wish to restrict access to the OpenVPN port (I am using the default 1194 for simplicity) to the single MAC address of the one laptop I wish to use. How could this be done?

Thanks in advance

PS -
If that cannot be done, how about this solution.
Let's say I put an additional NIC in the Linux Router that goes to the same wired network. How could I set the above one laptop to use that NIC instead of the regular one? Thus at that point I could give the second NIC a different IP and set my OpenVPN server to only accept connections from the second NIC.
Old 10-20-2006, 03:58 PM   #2
Senior Member
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 78
I am not sure of a solution purely within OpenVPN, as I have not had the pleasure of using it yet. However, I do know that iptables can filter based on MAC address. You will need the MAC match extension enabled in your kernel. Also, do be aware that MAC addresses are trivially spoofed...
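
The MAC-based filtering mentioned in the reply above, as an added example that is not part of the original thread. It validates a MAC address and prints (does not apply) the iptables rules for the router; the interface name `wlan0`, the UDP protocol for port 1194, and the MAC address are assumptions or constructed values.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands; nothing is applied.
# Assumptions: wlan0 is the router's wireless-side interface, OpenVPN listens on
# UDP 1194 (its default), and the MAC address used below is a constructed placeholder.

VPN_PORT=1194
WLAN_IF=wlan0

# Return 0 only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Emit the rules for one allowed MAC address.
# The mac match is only valid in PREROUTING, INPUT and FORWARD. FORWARD is used
# because the router forwards this traffic and still sees the laptop's source MAC
# there, before SNAT rewrites the packet in POSTROUTING.
build_rules() {
    mac=$1
    if ! valid_mac "$mac"; then
        echo "invalid MAC address: $mac" >&2
        return 1
    fi
    # -A appends, so these two rules must end up ahead of any broader ACCEPT
    # for traffic arriving on the wireless interface.
    # Rule 1: allow the one laptop. Rule 2: drop every other wireless client.
    echo "iptables -A FORWARD -i $WLAN_IF -p udp --dport $VPN_PORT -m mac --mac-source $mac -j ACCEPT"
    echo "iptables -A FORWARD -i $WLAN_IF -p udp --dport $VPN_PORT -j DROP"
}

# Dry run with the constructed MAC; review the output before running it as root.
build_rules "00:11:22:33:44:55"
```

This only narrows which wireless clients can reach the port. As the thread itself notes, MAC addresses can be spoofed, and OpenVPN's certificates and keys are what authenticate the client.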
Old 10-23-2006, 04:05 AM   #3
Registered: Oct 2003
Location: United Kingdom
Distribution: SuSE 10.0 - 11.4
Posts: 347

Rep: Reputation: 30
Not sure I understand the problem - if you control the OpenVPN server and only want one laptop to access it then generating new keys for the server and client will secure it?
Old 10-23-2006, 01:55 PM   #4
Registered: Sep 2004
Location: NH
Distribution: FC6, FC1-4, RH9, Gentoo 2006.0/1, Slackware 10.1/2,11, Vector SOHO 5.0.1
Posts: 237

Original Poster
Rep: Reputation: 30
Yes. Sorry. I was not familiar with OpenVPN's certificate/keys procedure when I posted it. The certs/key combinations are sufficient.

Thanks a lot!

