Author Topic: How to access CWP panels through VPN only  (Read 1465 times)

How to access CWP panels through VPN only
« on: February 09, 2018, 08:52:37 PM »
Looking for a way to limit access to root (and perhaps end user) panel(s) through VPN only? The VPN server is up and running but how to route/bind the CWPanels to the VPN and remove access for any other entry point?

Re: How to access CWP panels through VPN only
« Reply #1 on: February 09, 2018, 09:14:05 PM »
nano /usr/local/cwpsrv/conf/cwpsrv.conf

Locate:
location / {

Add:
allow yourip;
deny all;

Restart CWP:
service cwpsrv restart

Re: How to access CWP panels through VPN only
« Reply #2 on: February 09, 2018, 09:24:53 PM »
Probably a silly question: "yourip" = server.ip? Because the VPN dial-in address will be dynamic.

The panel port would then be server.ip:vpnport? And it would be the same port for the root user and the end user?

TCP ports 2030,2031,2082,2083,2086,2087,2095,2096 can then be safely removed from the CSF without impeding the usability of CWP?

Re: How to access CWP panels through VPN only
« Reply #3 on: February 09, 2018, 09:28:42 PM »
Your IP means your client IP. You can't add this rule for a dynamic IP.

Re: How to access CWP panels through VPN only
« Reply #4 on: February 09, 2018, 09:33:32 PM »
Thanks, but then it is not a viable solution I suppose, considering that I would be dialing up the VPN always from a static IP ...  :(

If CWP would just implement 2-Step Verification (TOTP) for the panels

Re: How to access CWP panels through VPN only
« Reply #5 on: February 09, 2018, 09:37:11 PM »
On second thought - once the VPN is established the client's IP (any) is becoming the server's IP, is it not?

Re: How to access CWP panels through VPN only
« Reply #6 on: February 09, 2018, 09:39:31 PM »
No. VPN just changes your ip.
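
Added example (not part of the thread and not CWP code): a small checker that evaluates nginx-style allow/deny rules like those in Reply #1 against client addresses, so a rule set can be sanity-checked before restarting cwpsrv. It assumes cwpsrv applies the rules in order with the first match winning, as nginx's access module does, that the panel is reached over the tunnel so the server sees the client's tunnel address, and that 10.8.0.0/24 is the VPN subnet (a constructed value).

```python
import ipaddress
import re

# Constructed sample of a location block using the allow/deny pattern from Reply #1.
# 10.8.0.0/24 is an assumed VPN tunnel subnet, not a value from the thread.
SAMPLE_CONF = """
location / {
    allow 10.8.0.0/24;   # assumed VPN tunnel subnet
    allow 127.0.0.1;
    deny all;
}
"""

# Matches uncommented "allow <target>;" / "deny <target>;" directives.
RULE_RE = re.compile(r"^\s*(allow|deny)\s+([^;\s]+)\s*;", re.MULTILINE)


def parse_rules(conf_text):
    """Return [(action, network_or_None)] in file order; None means 'all'."""
    rules = []
    for action, target in RULE_RE.findall(conf_text):
        net = None if target == "all" else ipaddress.ip_network(target, strict=False)
        rules.append((action, net))
    return rules


def decide(rules, client_ip):
    """Check rules in order; the first one that matches the client wins."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net is None or (addr.version == net.version and addr in net):
            return action
    return "allow"  # no rule matched, so nothing restricts the request


def audit(conf_text, clients):
    """Map each client address to the verdict the rule set gives it."""
    rules = parse_rules(conf_text)
    return {ip: decide(rules, ip) for ip in clients}


if __name__ == "__main__":
    # Constructed clients: two tunnel addresses and one public address.
    clients = ["10.8.0.6", "10.8.0.200", "203.0.113.45"]
    for ip, verdict in audit(SAMPLE_CONF, clients).items():
        print(f"{ip:15} -> {verdict}")
```

A single-address rule such as `allow 198.51.100.7;` matches only that one address, which is the dynamic-IP limitation raised in Reply #3; a CIDR covers every address in the range.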