Local authentication with groups of users
-
Hello there,
I need to have multiple OpenVPN servers, on each of them, the list of users is different.
Previously, I used an AD authentication and MemberOf filters, but now I need to use the Local Database of pfSense.
I saw that there is a possibility to use groups with local users, but I didn't find how to use it with OpenVPN.
Does somebody know?
Thanks for any help
-
@ppcm
Create a CA for each OpenVPN server and generate the server cert and client certs with it.
So the clients can only connect to the server which has the proper CA assigned.
-
@viragomann Thanks for the answer, but in this case, the user needs its cert in the client config, and if the user changes groups, I will need to send a new config, not easy to manage.
One more thing, a user can be associated with only one OpenVPN.
Is there a way to use groups of pfSense?
-
@ppcm said in Local authentication with groups of users:
if the user changes groups, I will need to send a new config, not easy to manage
I've been running multiple OpenVPN servers with different CAs for different user groups for 10 years. Never needed to move a user into another group till today.
Is there a way to use groups of pfSense?
No, not the local user groups in OpenVPN.
If you need to replace the functionality of AD you can install the FreeRADIUS package and use it in the OpenVPN servers for authentication.
Authenticating OpenVPN Users with FreeRADIUS