0

I have a centos pptp vpn server configured to access my internal ip say

1) 10.XX.XX.21 2) 10.XX.XX.22 3) 10.XX.XX.23 4) 10.XX.XX.24 .....

n)10.XX.XX.n

VPN is working fine with no issue . I would like to know if it is possible to restrict user to a particular internal ip ie user1 can acesses only 10.xx.xx.21 and 10.xx.xx.22.

user384683
  • 9
  • 1

1 Answers1

0

Yes, this can be done by editing /etc/ppp/chap-secrets file with the format to assign the user an IP address based on their credentials. You can then use firewall rules to limit what that IP address can access.

Alternatively you can achieve something similar is to create/modify a script /etc/ppp/ip-up and /etc/ppp/ip-down (or ip-up.local and ip-down.local) to do the firewalling when the connection is started and stopped. [ $1 = interface, $4=local IP, $5=remote IP ]

That said, using PPTP is a very bad idea as it offers very little security (ie the security is broken). You may want to look at using OpenVPN instead - orders of magnitude stronger (and you can also assign users into their own networks)

davidgo
  • 6,222
  • 3
  • 23
  • 41
  • But that is the case when user have static ip right . In my case user don't have a stacic ip to give it on /etc/ppp/chat-secrets . – user384683 Nov 08 '16 at 05:39