OpenVPN: custom rules for each user
-
Hello,
I have pfsense 2.0.1
I work with OpenVPN.
Is it possible to have a specific configuration for each OpenVPN user, to restrict a user's access to a specific IP?
Currently I have the same route and access for all my users.
-
You can set up a static IP for each user using Client-Specific Overrides for their name, and then filter based on that.
-
You can set up a static IP for each user using Client-Specific Overrides for their name, and then filter based on that.
Thanks, jimp.
I tried Client-Specific Overrides and the solution works ;)
I have another problem with specific routes for users.
If I configure routes in "VPN -> OpenVPN -> Server" -> Advanced box, everything works.
The route syntax is this:
push "route my_network my_subnet";
If I configure routes in "VPN -> OpenVPN -> Client-Specific Overrides -> my user" -> Advanced box, it does not work.
I tried these syntaxes:
push "route my_network my_subnet";
iroute my_network my_subnet;
route my_network my_subnet;
Can you help me?
-
If you want to deliver a route to just that user, then use push just like on the main advanced options.
iroute would route a specific subnet to the client (meaning the subnet is at the client's end), and route won't really do anything special in there. Push is what you want.
-
iroute would route a specific subnet to the client (meaning the subnet is at the client's end), and route won't really do anything special in there. Push is what you want.
I guess that you need the "vpn_gateway" option only if additional parameters are needed?
push route 192.168.1.0 255.255.255.0 vpn_gateway;
As a tip for the forum, because it took me a little longer to research this last year:
We need it to push the OpenVPN network with a metric, regardless of whether the user is connected externally or "accidentally" internally.
push route 192.168.10.0 255.255.255.0 vpn_gateway 10;
push route 192.168.11.0 255.255.255.0 vpn_gateway 10;
(Found this tip in German here: http://web.archive.org/web/20110901093327/http://blog.it4sport.de/2009/02/06/openvpn-metric-ich-bin-verwirrt/ )
-
I've never seen any situation that called for that syntax. Only this:
push "route x.x.x.0 255.255.255.0";
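
Added example, not part of any post in this thread: a pushed route only tells the client where to send traffic, so the restriction itself has to come from firewall rules keyed on each user's static tunnel IP. The script below builds both from one policy table. The user names, addresses and the `build_overrides` helper are constructed for illustration, and `ifconfig-push` is written for `topology subnet`.

```python
# Added example: per-user override directives plus the matching allow-list.
import ipaddress

# Constructed sample values; replace with your own tunnel network and users.
TUNNEL_NET = ipaddress.ip_network("10.8.0.0/24")
POLICY = {
    # certificate common name: (static tunnel IP, networks the user may reach)
    "alice": ("10.8.0.10", ["192.168.10.0/24"]),
    "bob": ("10.8.0.11", ["192.168.10.0/24", "192.168.11.0/24"]),
}


def build_overrides(policy, tunnel_net):
    """Return ({cn: Advanced-box text}, [(source_ip, dest_network), ...])."""
    overrides, allow_rules, owner = {}, [], {}
    reserved = (tunnel_net.network_address, tunnel_net.broadcast_address)
    for cn, (ip_text, nets) in sorted(policy.items()):
        ip = ipaddress.ip_address(ip_text)
        # An address outside the tunnel, or shared by two users, would make
        # source-IP filtering meaningless, so refuse to generate anything.
        if ip not in tunnel_net or ip in reserved:
            raise ValueError(f"{cn}: {ip} is not usable in {tunnel_net}")
        if ip in owner:
            raise ValueError(f"{cn}: {ip} already assigned to {owner[ip]}")
        owner[ip] = cn
        # Assumption: topology subnet. With net30 the second argument of
        # ifconfig-push is the peer endpoint, not a netmask.
        lines = [f"ifconfig-push {ip} {tunnel_net.netmask}"]
        for net_text in nets:
            net = ipaddress.ip_network(net_text)  # rejects host bits set
            lines.append(f'push "route {net.network_address} {net.netmask}"')
            allow_rules.append((str(ip), str(net)))
        # Semicolon-terminated, as in the Advanced box syntax used above.
        overrides[cn] = ";\n".join(lines) + ";"
    return overrides, allow_rules


if __name__ == "__main__":
    overrides, rules = build_overrides(POLICY, TUNNEL_NET)
    for cn, text in overrides.items():
        print(f"# Client-Specific Override for {cn}\n{text}\n")
    print("# Pass rules to create on the OpenVPN interface (source -> dest)")
    for src, dst in rules:
        print(f"{src} -> {dst}")
```

The printed source/destination pairs are a checklist for rules entered in the firewall GUI, not firewall syntax. A broad pass rule on the same interface would override the per-user restriction.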