
IPsec access control.
Hello.

I've been playing around with IPsec using OpenBSD 2.8 and NAI's PGP
Desktop (PGPnet) client. I've successfully created an IPsec connection
between PGPnet and OpenBSD, and I've even gotten PGPnet to talk to a
private, non-routable network that's behind the OpenBSD box.

My problem is this: How can I limit the access of VPN users?

Everyone who VPNs in doesn't need, and probably shouldn't have, access
to all the internal servers. Remote clients aren't always going to be
coming from the same IP address, so it's hard to firewall them out by
that. PGPnet supports a feature called 'virtual identities' that's also
known as 'Phase 1.5' and 'transaction exchange'. Supposedly this feature
can retrieve an IP address and other configuration information from the
gateway. I'd like to be able to bind an internal IP address to a secret
passphrase so I will then be able to use IP Filter or any other internal
firewall to limit the access of users.

Any suggestions or places to look in implementing something like this?

Thanks.

__ 
John Kerbawy <john@maKintosh.com>
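As an added illustration of the per-address firewalling the message describes (this is not part of the original post, and the addresses, interface and servers are assumptions): once the gateway hands each remote user a fixed internal address, an IP Filter ruleset on the OpenBSD box can default-deny the whole VPN pool and open only the specific server/port pairs each address is allowed. The example assumes decapsulated IPsec traffic arrives on enc0, that clients are assigned addresses in 10.0.1.0/24, and that internal servers live in 10.0.0.0/24.

```text
# Added example, not from the original message. Assumed layout:
#   enc0          - interface carrying decapsulated IPsec traffic
#   10.0.1.0/24   - address pool handed out to VPN users (hypothetical)
#   10.0.0.0/24   - internal server network (hypothetical)
# IP Filter evaluates rules in order; "quick" stops at the first match,
# so the specific "pass" rules come first and the catch-all "block" last.

# User bound to 10.0.1.10 may reach only the mail server (10.0.0.5)
# on SMTP and IMAP; "flags S keep state" admits new TCP connections
# and tracks them so return traffic is handled by the state table.
pass in quick on enc0 proto tcp from 10.0.1.10/32 to 10.0.0.5/32 port = 25 flags S keep state
pass in quick on enc0 proto tcp from 10.0.1.10/32 to 10.0.0.5/32 port = 143 flags S keep state

# User bound to 10.0.1.11 may reach only the file server (10.0.0.7)
# on SSH.
pass in quick on enc0 proto tcp from 10.0.1.11/32 to 10.0.0.7/32 port = 22 flags S keep state

# Weak setting, shown for contrast and deliberately commented out:
# this single rule would let every VPN client reach every internal host.
# pass in quick on enc0 from 10.0.1.0/24 to 10.0.0.0/24

# Default deny for the whole VPN pool. Logging makes access attempts
# that fall outside a user's allowed set visible in the ipf log.
block in log quick on enc0 from 10.0.1.0/24 to any
```

These address-based rules are only as strong as the binding between each user's security association and the address the gateway assigned; the IPsec policy on the gateway should ensure that packets arriving through one user's tunnel carry only that user's address, otherwise the source address the firewall sees is not a reliable identity.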