    Pfsense OpenVPN client limitation

rkkotnik:

      Hi,

I have 2 OpenVPN servers configured on my pfSense server: S1 for local connections and S2 for remote (redirect-gateway).

My goal is to limit users to specific resources. For my S1 profile (local VPN), I have created a Client Specific Override where I selected the S1 server from the list, matched the username (common name) and added the advanced config: "ifconfig-push 192.168.25.145 255.255.255.0;". After setting up a firewall rule for this, it works without a problem.

My S2 configuration is the same, with the difference that the S2 profile is a redirect-gateway server configuration and uses another tunnel network. After creating a Client Specific Override for this server, there is no way that I could limit the client in any way; the VPN user just won't get the IP which I have configured in the Advanced field.

      Is this supposed to be like this, is there any other way to limit my Redirect-gateway server users, or am I missing something?

      BR

viragomann @rkkotnik:

        @rkkotnik said in Pfsense OpenVPN client limitation:

        After creating Client Specific Override for this server, there is no way that I could limit the client in any way, VPN user just won't get this IP which I have configured in the Advanced field

Which "Advanced field"?
If the CSO is applied to the user, he should get the IP stated in the "IPv4 Tunnel Network" box.
If not, check the log to see whether the CSO is even applied.

Do you have the same users on both servers?
Which authentication type do the servers use?

rkkotnik:

          Thank you for your response!

I meant the Advanced field in the Client Specific Override.

I got it to work!! The problem was with the S2 server configuration, where I forgot to check:

Username as Common Name: Use the authenticated client username instead of the certificate common name (CN).
When a user authenticates, if this option is enabled then the username of the client will be used in place of the certificate common name for purposes such as determining Client Specific Overrides.

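The setup the thread ends up with, written out as plain OpenVPN server directives so the fix is visible as a single line. This is an added example, not text from the posts and not the files pfSense generates; the tunnel networks, ports, the ccd directory paths and the user name "alice" are assumptions for illustration, and the certificate, TLS and authentication directives are left out because the thread does not show them. pfSense emits the equivalent of these directives from the GUI options named in the comments.

```conf
# Added example (not from the thread or from pfSense): S1 and S2 from the
# discussion as OpenVPN server directives. Addresses, ports, paths and the
# user name "alice" are assumptions for illustration.

##### S1: local-access server (no redirect-gateway) #####
# assumed file: server1.conf
port 1194
proto udp
dev tun
topology subnet
server 192.168.25.0 255.255.255.0      # assumed S1 tunnel network
client-config-dir /path/to/server1/ccd # assumed path; one file per CSO, named after the CN/username
username-as-common-name                # GUI: "Username as Common Name" (already set on S1, so its CSO matched)

##### S2: remote-access server (redirect-gateway) #####
# assumed file: server2.conf
port 1195
proto udp
dev tun
topology subnet
server 10.8.2.0 255.255.255.0          # assumed S2 tunnel network, different from S1's
push "redirect-gateway def1"           # GUI: "Redirect IPv4 Gateway"
client-config-dir /path/to/server2/ccd # assumed path
username-as-common-name                # <- the line that was missing on S2.
# Without it the ccd lookup uses the certificate CN, so a CSO file named after
# the login name is never read and the client gets an address from the pool
# instead of the pinned one; any firewall rule keyed on that address then
# never matches.

##### Client Specific Override for user "alice" on S2 #####
# assumed file: /path/to/server2/ccd/alice  (the CSO "Advanced" box contents)
# With topology subnet, ifconfig-push takes the address and the netmask.
# The address must lie inside S2's tunnel network (10.8.2.0/24 here), not S1's;
# an address from the other server's network would not be reachable on this
# server's interface.
ifconfig-push 10.8.2.145 255.255.255.0
```

Two checks worth doing after the change. First, the server log at the default verbosity records the override being read as a line of the form "OPTIONS IMPORT: reading client specific options from: <ccd file>"; if that line names the wrong file or never appears, the CN/username the server is matching on is not the one the CSO was written for, which is exactly the symptom in the first post. Second, a firewall rule that restricts resources by the pinned address (source 10.8.2.145/32 on the S2 OpenVPN interface) only enforces anything if one authenticated identity maps to one address: with username-as-common-name the certificate CN no longer takes part in the lookup, so each login name must be unique per person, and allowing duplicate connections for the same name would let several sessions share the override and its rule.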
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.