Control Web Panel
WebPanel => How to => Topic started by: n8v8r on February 09, 2018, 08:52:37 PM
-
Looking for a way to limit access to root (and perhaps end user) panel(s) through VPN only? The VPN server is up and running but how to route/bind the CWPanels to the VPN and remove access for any other entry point?
-
nano /usr/local/cwpsrv/conf/cwpsrv.conf
Locate
location / {
add
allow yourip;
deny all;
restart cwp.
service cwpsrv restart
-
probably silly question "yourip" = server.ip? Because the VPN dial-in address will be dynamic.
The panel port would then be server.ip:vpnport? And it would be the same port for the root user and the end user?
tcp ports 2030,2031,2082,2083,2086,2087,2095,2096 can then be safely removed from the CSF without impeding the usability of CWP?
-
Your ip means your client ip. You cnat add this rule for dynatic ip.
-
thanks, but then it is not a viable solution I suppose, considering that I would be be dialing up the VPN always from a static ip ... :(
If CWP would just implement 2-Step Verification (TOTP) for the panels
-
On second thought - once the VPN is established the client's IP (any) is becoming the server's IP, is it not?
-
No. VPN just changes your ip.