Adtran
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
tekat
New Contributor II
‎12-19-2012 10:47 AM

VPN vs Local User MAJOR issue ...

Jump to solution

So i've made a VPN for mobile pc client...

PSK and Xauth enable...

create local user on the netvanta 3448.

configure the client with the PSK...

Everything works Number 1..... well it works to much

All the local user have access to the web, ssh or any other interface to... This AINT good

How can i restrict user to the VPN connection only and thing else...

Can't create a new user list ... unless it`s hidden somewhere or any other similar stuff...

VPN is a wonderfull thing but when youre user can change information in the web interface THIs AINT GOOD....

Thanks !

0 Kudos
Reply
1 Solution

Accepted Solutions
tekat
New Contributor II
‎12-19-2012 03:16 PM

Re: VPN vs Local User MAJOR issue ...

Jump to solution

After speaking with an adtran rep... Radius server is the only way possible or me to do it right....

View solution in original post

0 Kudos
Reply
10 Replies
Anonymous
Not applicable
‎12-19-2012 01:00 PM

Re: VPN vs Local User MAJOR issue ...

Jump to solution

Are using the GUI or command line?

0 Kudos
Accept as Solution Reply
tekat
New Contributor II
‎12-19-2012 01:03 PM

Re: VPN vs Local User MAJOR issue ...

Jump to solution

Both aint a problem !

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎12-19-2012 01:09 PM

Re: VPN vs Local User MAJOR issue ...

Jump to solution

System -> Passwords -> Portal-List (Tab)

Create a new portal list with everything checked.

Back under users apply the list to your login but not the VPN user.

Accept as Solution Reply
tekat
New Contributor II
‎12-19-2012 01:15 PM

Re: VPN vs Local User MAJOR issue ...

Jump to solution

What I did earlier today :

- Create an admin portal list:

   - Added the user in that portal list that needed to be.

- All other user are in <none>

   - All those user can log into the https or ssh interface without any problem.

So guessing what you have wrote is what i did;.... unless i'm wrong...

Thanks for helping... let`s sole this out !

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎12-19-2012 01:20 PM

Re: VPN vs Local User MAJOR issue ...

Jump to solution

Try creating a new portal-list that only has console enabled and apply it to the VPN users.

Under the "Enable" tab make sure a password is set.

The user will be able to login but without the enable password they wont be able to change anything.

0 Kudos
Accept as Solution Reply
tekat
New Contributor II
‎12-19-2012 01:46 PM

Re: VPN vs Local User MAJOR issue ...

Jump to solution

I've added a new portal-list named: VPNAccess with Console access checked only.

User X as VPNAccess as his portal.

The user X can`t connect with VPN (bridge dosen`t link itself) but the user X can`t connect to SSL anymore wich is the good thing !

pre-shared key configured

bringing up tunnel ...

user authentication error

tunnel disabled

detached from key daemon

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎12-19-2012 01:56 PM

Re: VPN vs Local User MAJOR issue ...

Jump to solution

I recall I had a similar problem awhile back.

Once a portal-list is attached to a user it won’t authenticate.

At the time we used the Radius option (FreeRADIUS).

I’m not sure if there is another way but perhaps someone from Adtran can chime in.

0 Kudos
Accept as Solution Reply
tekat
New Contributor II
‎12-19-2012 02:03 PM

Re: VPN vs Local User MAJOR issue ...

Jump to solution

Any 1 else have a suggestion ???

0 Kudos
Accept as Solution Reply
tekat
New Contributor II
‎12-19-2012 03:16 PM

Re: VPN vs Local User MAJOR issue ...

Jump to solution

After speaking with an adtran rep... Radius server is the only way possible or me to do it right....

0 Kudos
Reply
Anonymous
Not applicable
‎09-06-2013 12:43 PM

Re: VPN vs Local User MAJOR issue ...

Jump to solution

:

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Levi

0 Kudos
Accept as Solution Reply