Netgate Discussion Forum

    OVPN Multi-user Filter

      dguy

      I've searched all through the forums for a solution to my issue with no luck. I'm hoping someone could help me out.

      I've successfully got OpenVPN connections through the standard setup. I now want to apply custom filters to my VPN users. I've successfully applied filters to my OVPN (using the Disable all auto-added VPN rules) based on one user.

      What I would like to accomplish is something similar to the following.

      OVPN User1 - Address pool 10.1.0.0/24 --> Connect to Entire LAN (LAN=10.11.0.0/24)
      OVPN User2 - Address pool 10.2.0.0/24 --> Connect to Server1 10.11.0.11 (LAN=10.11.0.0/24)
      OVPN User3 - Address pool 10.3.0.0/24 --> Connect to Server1 & Server2 10.11.0.11 & 10.11.0.12 (LAN=10.11.0.0/24)

      Is it possible to setup multiple interfaces for this?

      Example

      User1 - TUN1
      User2 - TUN2
      User3 - TUN3

      Currently using v1.2.3 with 2 NICS (WAN & LAN) with TUN1 setup on the Opt1 interface.

      How would I go about this? Perhaps I'm overthinking this, or it's simply not possible with v1.2.3? Any help would be appreciated.

      Thanks

        jimp Rebel Alliance Developer Netgate

        You could use a separate OpenVPN instance for each user, but it's also possible (and arguably better) to use a single instance and use the Client-Specific Configuration to force each user to a specific source IP address and then filter based on that.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          dguy

          I'll have to use your suggestion because I can't get more than one Opt Interfaces to show anyway.

          So correct me if I'm wrong, you suggest to create 1 OVPN server (server tab); then create Client-Specific users (Client-Specific Configuration tab)?

          What IP do I "push" to the client in the client config section? Would this be my address pool mentioned (i.e. user1 10.1.0.0/24) etc.?

            jimp Rebel Alliance Developer Netgate

            Yes, the client-specific tab is where those go. If your tunnel network is 10.1.0.0/24, you can push any /30 from inside that subnet to your clients. For example 10.1.0.128/30 for user1, 10.1.0.132/30 for user2, 10.1.0.136/30 for user3, 10.1.0.140/30 for user4, and so on, and so on.

              dguy

              That worked perfectly!

              I just tested the setup you suggested with 3 test users and had filtering working exactly the way I want.

              Thanks for the help!
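
The single-instance approach from jimp's replies, worked through as an added example that is not part of the original thread or Netgate's own code: it assigns each user the next /30 from the tunnel network, builds the `ifconfig-push` line for that user's client-specific configuration, and checks traffic against the resulting source-IP rules with a default deny. Assumptions: net30 topology, the client takes the second usable address of its /30 and the server endpoint the first, and the names `build_plan` and `is_allowed` are hypothetical; the pass rules themselves still have to be created in the firewall GUI.

```python
import ipaddress

# Values taken from the thread: tunnel network, first /30, LAN, per-user targets.
TUNNEL = "10.1.0.0/24"
FIRST_BLOCK = "10.1.0.128/30"
LAN = "10.11.0.0/24"
USERS = {
    "user1": ["10.11.0.0/24"],
    "user2": ["10.11.0.11/32"],
    "user3": ["10.11.0.11/32", "10.11.0.12/32"],
}

def build_plan(tunnel=TUNNEL, first_block=FIRST_BLOCK, lan=LAN, users=USERS):
    """Assign one /30 per user and derive that user's source-IP pass rules."""
    tunnel_net = ipaddress.ip_network(tunnel)
    lan_net = ipaddress.ip_network(lan)
    first = ipaddress.ip_network(first_block)
    if first.prefixlen != 30 or not first.subnet_of(tunnel_net):
        raise ValueError("first block must be a /30 inside the tunnel network")
    blocks = [b for b in tunnel_net.subnets(new_prefix=30)
              if b.network_address >= first.network_address]
    if len(users) > len(blocks):
        raise ValueError("not enough /30 blocks left in the tunnel network")
    plan = {}
    for (name, targets), block in zip(users.items(), blocks):
        # Assumption: first usable address = server endpoint, second = client.
        server_end, client_end = block.hosts()
        dests = [ipaddress.ip_network(t) for t in targets]
        if not all(d.subnet_of(lan_net) for d in dests):
            raise ValueError(f"{name}: target outside the LAN")
        plan[name] = {
            "ccd": f"ifconfig-push {client_end} {server_end}",
            "src": client_end,
            "dests": dests,
        }
    return plan

def is_allowed(plan, src, dst):
    """Default deny: pass only if src is an assigned client IP and dst is listed for it."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(e["src"] == src and any(dst in d for d in e["dests"])
               for e in plan.values())

if __name__ == "__main__":
    for name, e in build_plan().items():
        print(name, "|", e["ccd"], "| pass to", ", ".join(map(str, e["dests"])))
```

A tunnel address that no client-specific entry assigns, such as one handed out dynamically to a client without an entry, matches no rule and is dropped.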

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.