Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [SOLVED] per user rules

    Scheduled Pinned Locked Moved OpenVPN
    3 Posts 2 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A Offline
      alphazo
      last edited by

      Hi,

      I successfully configured my pfSense with the new traffic filtering function. I would like to have different rules depending of the openVPN user.
      I believe that could be done by forcing a specific IP address based upon the CN found in the client certificate. The rules would apply based upon this IP address. Is that the right thing to do?
      This can apparently done in the Client-specific configuration page. However I'm not sure about what to put here. My openVPN address is 192.168.100.0/24 and my LAN is 192.168.0.0/24. Can you help me with those settings?

      Interface IP
      Set this option to push an IP to the client's interface. Expressed as a CIDR range (e.g. 10.5.0.0/16). The first IP in the range will be used as the remote IP of the interface, and the second IP will be used as the local IP of the interface.

      Custom options
      You can put your own custom options here, separated by semi-colons (;). They'll be added to the client-specific configuration.

      Thank you
      Alphazo

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG Offline
        GruensFroeschli
        last edited by

        You have to put exactly what it tells you:
        If 192.168.100.0/24 is your OpenVPN subnet, then the first client will need 192.168.100.4/30, the second 192.168.100.8/30, etc.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • A Offline
          alphazo
          last edited by

          Nice.. thank you very much. When I put 192.168.100.8/30 in the client config, I was able to set filtering rules for the IP 192.168.100.9.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.