we mostly use Openfire Server with Spark Client in our LAN.
For external usage, e.g. on Android phones, I have to forward some incoming ports from the internet firewall to the OF Server.
Because only very few users should be allowed to connect to OF from the internet, but should be able to connect from LAN, I am looking for a way to limit the external access.
My current setup:
Restrict IPs to 192.168.. (internal) and 123.123.. (the external range our mobile SIM provider uses)
Restrict Resource name to CustomResourceNameXxx (Client Control plugin)
So at this moment, this is very insecure in our case.
At least, it would be great to limit the general usage from non-192.168.* IPs to a very small Active Directory group of users.
Is there a way to achieve this (except forcing VPN)?