I have a contractor that will need access to our Xen Orchestra web interface.
Currently XOA is only accessible via VPN and we have no intention to make it publicly accessible.
I created a simple pfSense user with no admin rights so they can use OpenVPN to access our network.
When I tested it, that user can see the entire network the same way I do because on my OpenVPN server config I have set all our subnets in the ‘IPv4 Local network(s)’ field so I can manage it all.
How can I force this user to only see the Xen Orchestra IP once connected to the VPN?
We do this by setting up pfSense and the FreeRADIUS plugin that will assign users an IP address, then creating rules for that IP that restrict them to only the things you want them to have access to. https://youtu.be/jEK-O3U3gdg
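The per-IP rule approach described in the reply above, modelled as an added example (not from the post or the linked video): a simplified first-match evaluator showing why the contractor's pass and block rules must sit above the broad admin rule. All addresses, ports and rule names are constructed sample values, and the evaluator is an assumption-level model of top-down, first-match filtering with default deny, not pfSense's own code.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "pass" or "block"
    src: str              # source network (CIDR)
    dst: str              # destination network (CIDR)
    port: Optional[int]   # destination TCP port, None = any

# All addresses below are constructed sample values.
CONTRACTOR = "10.8.0.50"   # fixed tunnel IP assigned to the contractor
XOA = "192.168.10.20"      # Xen Orchestra host
ANY = "0.0.0.0/0"

GOOD = [
    Rule("pass", CONTRACTOR + "/32", XOA + "/32", 443),
    Rule("block", CONTRACTOR + "/32", ANY, None),
    Rule("pass", "10.8.0.0/24", ANY, None),   # admins keep full access
]
# Same rules, but the broad pass rule sits on top and shadows the block.
BAD = [GOOD[2], GOOD[0], GOOD[1]]

def evaluate(rules, src, dst, port):
    """First matching rule wins; no match means default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "block"

# Destinations to test from a given tunnel address.
PROBES = [(XOA, 443), (XOA, 22), ("192.168.10.1", 443), ("192.168.20.5", 3389)]

def reachable(rules, src):
    """Return the probes that the ruleset lets this source reach."""
    return [(dst, port) for dst, port in PROBES
            if evaluate(rules, src, dst, port) == "pass"]

if __name__ == "__main__":
    print("correct order  :", reachable(GOOD, CONTRACTOR))
    print("wrong order    :", reachable(BAD, CONTRACTOR))
    print("admin 10.8.0.10:", reachable(GOOD, "10.8.0.10"))
```

Once the real rules are in place, the same probes can be repeated from the contractor's VPN session to confirm that only the Xen Orchestra address answers.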
@LTS_Tom I watched the video and it's exactly what I wanted. Thank you.
I currently have a VPN server using ‘Local Database’; is it simply a matter of selecting the ‘RadServer’ backend for it to work?