Traffic rule with domain name

Hi

Can I create a traffic rule where I specify the source IP with domain name?
I would like to limit the VPN access to our summer cottage so it only accepts the IP from my home. My home router uses DDNS.

/mrhaav

This requires periodically re-resolving your domain name and updating firewall rules accordingly.
It doesn't look to be simple and reliable to implement, and I don't think it's worth the effort.
Depending on your VPN type, it's better to utilize some other ways for security hardening.

Hi

I use this script and run it as a cronjob.

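#!/bin/sh

# Replace <ip.domain.eu> with the DDNS hostname to resolve.
dnsIP=$(nslookup <ip.domain.eu> | grep 'Address 1' | awk '{print $NF}')
fwIP=$(uci get firewall.ovpn.src_ip)

# Keep the current rule if the lookup failed, so an empty value is never written.
if [ -z "$dnsIP" ]
then
	logger -t ovpnFW "DNS lookup failed, OpenVPN firewall src_ip stays $fwIP"
	exit 1
fi

if [ "$fwIP" != "$dnsIP" ]
then
	uci set firewall.ovpn.src_ip="$dnsIP"
	uci commit firewall
	# Reload so the running firewall picks up the new source address.
	/etc/init.d/firewall reload
	logger -t ovpnFW "OpenVPN firewall src_ip change $fwIP -> $dnsIP"
else
	logger -t ovpnFW "OpenVPN firewall src_ip $fwIP"
fi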

Note that you risk losing access if your DDNS provider stops working one day.
I think it's better to use tls-crypt and restrict user and group dropping the service privileges.

I will use tls as well.
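An added example, not part of any post in this thread: one way to guard the DDNS-driven rule against the failure mode raised above, by checking the resolved value before it replaces the allowed source address. The function names are hypothetical and the addresses are constructed samples from the documentation ranges.

```shell
#!/bin/sh
# Added example: decide which address the firewall rule should carry after a
# DDNS lookup. Function names are hypothetical, not part of OpenWrt or uci.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
	case "$1" in
		''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
	esac
	old_ifs=$IFS; IFS=.
	set -- $1
	IFS=$old_ifs
	[ "$#" -eq 4 ] || return 1
	for octet in "$@"; do
		[ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
	done
	return 0
}

# Succeeds for addresses that should never become the allowed VPN source:
# unspecified, loopback, link-local and multicast/reserved ranges.
is_unusable_source() {
	case "$1" in
		0.*|127.*|169.254.*|22[4-9].*|23[0-9].*|24[0-9].*|25[0-5].*) return 0 ;;
	esac
	return 1
}

# Prints the address to keep in the rule: the resolved one when it passes both
# checks, otherwise the current one, so a bad lookup never rewrites the rule.
choose_src_ip() {
	current=$1 resolved=$2
	if is_ipv4 "$resolved" && ! is_unusable_source "$resolved"; then
		printf '%s\n' "$resolved"
	else
		printf '%s\n' "$current"
	fi
}

# Constructed sample values (documentation address ranges).
choose_src_ip 203.0.113.10 198.51.100.7   # lookup changed: new address
choose_src_ip 203.0.113.10 ''             # lookup failed: keep current
choose_src_ip 203.0.113.10 0.0.0.0        # bogus answer: keep current
```

In a cron script, the output of `choose_src_ip` would be compared with the current `src_ip` before any `uci set`, so the rule is only rewritten for a plausible new address.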
