This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Idea for Toggling Site-2-Site VPN on/off

Hi!

A customer needs a special feature, which I think, is not available so far...

He wants some users to be able to toggle specific vpn tunnel on and off and vice versa on the astaro. But they shouldn´t get access to the firewall or only to enable/disable the tunnel. I think thats not possible OOTB?

I think it should be a way, thats supported by astaro, but probably, that will be difficult... I´m thinking about a script on the firewall, thats executable and uses cc to activate or deactivate a vpn connection. But propably its not allowed to create users in passwd....?!

Do you have an idea?

Sebastian

This thread was automatically locked due to age.

Parents

0 BAlfson over 10 years ago

Sebastian, if the user is not allowed inside WebAdmin, I wouldn't let him onto the command line! You could make a script with cc that uses Putty and an RSA key that does what you want and put it somewhere where he can execute it. You don't want him to have a copy of the private RSA key as that would allow him root access on the command line.

Then again, WHY does the client want to toggle a site-to-site tunnel? That sounds like a workaround to a misconfiguration.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 10 years ago

Sebastian, if the user is not allowed inside WebAdmin, I wouldn't let him onto the command line! You could make a script with cc that uses Putty and an RSA key that does what you want and put it somewhere where he can execute it. You don't want him to have a copy of the private RSA key as that would allow him root access on the command line.

Then again, WHY does the client want to toggle a site-to-site tunnel? That sounds like a workaround to a misconfiguration.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data