OVPN Multi-user Filter
-
I've searched all through the forums on a solution to my issue with no luck. I'm hoping someone could help me out.
I've successfully got OpenVPN connections through the standard setup. I know want to apply custom filters to my VPN users. I've successfully applied filters to my OVPN (using the Disable all auto-added VPN rules) based on one user.
what i would like to accomplish is something similar to the following.
OVPN User1 - Address pool 10.1.0.0/24 โ> Connect to Entire LAN (LAN=10.11.0.0/24)
OVPN User2 - Address pool 10.2.0.0/24 --> Connect to Server1 10.11.0.11 (LAN=10.11.0.0/24)
OVPN User3 - Address pool 10.3.0.0/24 --> Connect to Server1 & Server2 10.11.0.11 & 10.11.0.12 (LAN=10.11.0.0/24)Is it possible to setup multiple interfaces for this?
Example
User1 - TUN1
User2 - TUN2
User3 - TUN3Currently using v1.2.3 with 2 NICS (WAN & LAN) with TUN1 setup on the Opt1 interface.
how would I go about this, perhaps I'm over thinking this or its simply not possible with v1.2.3? Any help would be appreciated
Thanks
-
You could use a separate OpenVPN instance for each user, but it's also possible (and arguably better) to use a single instance and use the Client-Specific Configuration to force each user to a specific source IP address and then filter based on that.
-
I'll have to use your suggestion because I can't get more than one Opt Interfaces to show anyway.
So correct me if I'm wrong, you suggest to create 1 OVPN server (server tab); then create Client-Specific users (Client-Specific Configuration tab)?
what IP to do "push" to the client in the client config section? Would this be my address pool mentioned (i.e. user1 10.1.0.0./24) etc. ?
-
Yes, the client-specific tab is where those go. If your tunnel network is 10.1.0.0/24, you can push any /30 from inside that subnet to your clients. For example 10.1.0.128/30 for user1, 10.1.0.132/30 for user2, 10.1.0.136/30 for user3, 10.1.0.140/30 for user4, and so on, and so on.
-
That worked perfectly!
I just tested the setup you suggested with 3 test users and had filtering working exactly the way I want.
Thanks for the help!