Ok so a bit of a long-winded question (and it may be a multifaceted question, sorry). Also, FYI, we have a Pritunl Enterprise licence.
Currently our Pritunl VPN server is publicly accessible. Ideally this would be locked down to our backup DC (easy to achieve with FW rules). However, that breaks the function of allowing users to only get the profiles via the URI link…
Also, within the Temporary profile links I can disable the tar, zip and Chromebook downloads, but the URL to view the profile not only includes the URI link but also the 2SA authentication Key and QR code.
Now I’m happy they have the URI link. I’m happy they have the download client (although that can go as well, as these are managed devices). I’m also really happy they have the option to change their PIN. Perfect.
But the QR code and the Key, nope, although I would be happy if they had to put their PIN in to see it…
So in reflection:
I want to be able to restrict the Admin portal to internal IPs and named external IPs, but still have the Profile URL accessible publicly.
On the Pritunl User Profile Page I want to remove the 2SA Key and QR code or hide it behind an auth screen.
Oh, and one other thing while I think about it: I don’t really want my help desk guys having access to the servers, hosts and links pages, but I do want them to add users and approve device registrations.
How do I do all of this?