  1. #1
    Just Joined!
    Join Date
    Jul 2013
    Posts
    1

    VPN making sure only company notebooks can connect


    Dear community,
    I am looking for a way to make sure that only company notebooks can be used to connect to a strongswan vpn server, some kind of unique identifier that can be checked when establishing a vpn connection.
    I would be grateful for any suggestion as I am quite stumped as to how this could be achieved.

  2. #2
    Linux User
    Join Date
    Dec 2011
    Location
    Turtle Island West
    Posts
    370
    Couldn't you go by MAC addresses?

  3. #3
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Have you looked at port knocking?

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  4. #4
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Originally posted by Miven:
    "Couldn't you go by MAC addresses?"
    On a local network it would work but for a remote network it would not.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  5. #5
    Just Joined!
    Join Date
    Jul 2013
    Posts
    4
    Can you use certificates? It will be more work for you but you will be sure that only PCs with the right certs can connect ...
    I never used strongswan so I don't know how exactly it works with certs ...

    Best regards
    Yavor

  6. #6
    Linux Guru Rubberman
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,578
    You can configure OpenVPN to only allow certain users (with validated certificates) to connect to the VPN. Remember, your users may need to get a new (or temporary) computer occasionally, and locking to specific computers may not be useful - it is also difficult to manage. Remember, just because they have a network connection with the VPN tools, they also have to have appropriate access privileges to log in to any system. With SSH you can further restrict access with SSH to specific computers, users, etc, and require SSL keys to connect in addition to user ID and passwords. We use all of these techniques at Nokia to keep people out of our network systems, and trust me, our security people are real nit pickers with regard to network security! They perform regular audits of all systems, firewalls, routers, permissions, etc. From time to time I get a nastygram from them telling me to tighten up our security in some fashion or other!
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!
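
The certificate approach raised in posts #5 and #6, applied to the strongSwan gateway from the original question, as an added example that is not from any poster in this thread. It uses the legacy `ipsec.conf` format and pins client authentication to one CA that issues certificates only to company notebooks. The CA name, gateway identity, file names and address ranges are assumptions chosen for illustration.

```conf
# /etc/ipsec.conf on the strongSwan gateway (constructed example)
#
# Files assumed to be in place:
#   /etc/ipsec.d/cacerts/device-ca.pem    CA that signs notebook certificates only
#   /etc/ipsec.d/certs/vpn-gateway.pem    gateway certificate
#   /etc/ipsec.secrets                    contains ": RSA vpn-gateway-key.pem"

conn company-notebooks
    keyexchange=ikev2
    auto=add

    # Gateway side
    left=%any
    leftid=@vpn.example.com
    leftcert=vpn-gateway.pem
    leftsubnet=10.0.0.0/16

    # Client side: certificate authentication is mandatory
    right=%any
    rightauth=pubkey

    # Without rightca, a certificate chaining to ANY CA in
    # /etc/ipsec.d/cacerts is accepted. Pinning the issuer restricts
    # this conn to certificates signed by the notebook-only CA.
    rightca="C=XX, O=Example Corp, CN=Example Device CA"

    # Virtual addresses handed to connected notebooks
    rightsourceip=10.10.0.0/24
```

A certificate identifies whoever holds the private key, so it identifies a notebook only as long as the key cannot be copied off that machine, for example when it is held in a TPM or smart card. Lost or retired notebooks are handled by revoking their certificates at the device CA.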
