tekat
New Contributor II

VPN vs Local User MAJOR issue ...


So I've made a VPN for a mobile PC client...

PSK and Xauth enabled...

Created a local user on the NetVanta 3448.

Configured the client with the PSK...

Everything works number 1... well, it works too much.

All the local users have access to the web, SSH or any other interface too... This AIN'T good.

How can I restrict users to the VPN connection only and nothing else...

Can't create a new user list... unless it's hidden somewhere or any other similar stuff...

VPN is a wonderful thing, but when your user can change information in the web interface, THIS AIN'T GOOD....

Thanks !


Accepted Solutions
tekat
New Contributor II

Re: VPN vs Local User MAJOR issue ...


After speaking with an Adtran rep... a RADIUS server is the only way possible for me to do it right....

10 Replies
Anonymous
Not applicable

Re: VPN vs Local User MAJOR issue ...


Are you using the GUI or command line?

tekat
New Contributor II

Re: VPN vs Local User MAJOR issue ...


Both ain't a problem!

Anonymous
Not applicable

Re: VPN vs Local User MAJOR issue ...


System -> Passwords -> Portal-List (Tab)

Create a new portal list with everything checked.

Back under users apply the list to your login but not the VPN user.

tekat
New Contributor II

Re: VPN vs Local User MAJOR issue ...


What I did earlier today:

- Created an admin portal list:

   - Added the users that needed to be in that portal list.

- All other users are in <none>

   - All those users can log into the HTTPS or SSH interface without any problem.

So I'm guessing what you wrote is what I did... unless I'm wrong...

Thanks for helping... let's solve this!

Anonymous
Not applicable

Re: VPN vs Local User MAJOR issue ...


Try creating a new portal-list that only has console enabled and apply it to the VPN users.

Under the "Enable" tab make sure a password is set.

The user will be able to log in, but without the enable password they won't be able to change anything.

tekat
New Contributor II

Re: VPN vs Local User MAJOR issue ...


I've added a new portal-list named: VPNAccess with Console access checked only.

User X has VPNAccess as his portal.

User X can't connect with the VPN (the bridge doesn't link itself), but user X can't connect to SSL anymore, which is the good thing!

pre-shared key configured

bringing up tunnel ...

user authentication error

tunnel disabled

detached from key daemon

Anonymous
Not applicable

Re: VPN vs Local User MAJOR issue ...


I recall I had a similar problem a while back.

Once a portal-list is attached to a user it won’t authenticate.

At the time we used the Radius option (FreeRADIUS).

I’m not sure if there is another way but perhaps someone from Adtran can chime in.

tekat
New Contributor II

Re: VPN vs Local User MAJOR issue ...


Anyone else have a suggestion???

Anonymous
Not applicable

Re: VPN vs Local User MAJOR issue ...


I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Levi