Different ACCESS for each VPN USER
-
Hi guys
I have a VPN server built with pfSense, and I would like that when my external workers access the network over VPN they can access the local network… but when a particular group of users connects they are restricted to a particular part of my network... Could someone please direct me to the right information... or how I should configure it?
I will be grateful
-
Set up a particular VPN server for each security group, each with different tunnel subnet, and control the access by the source addresses.
-
Thank you very much for your reply… I am very grateful... but where do I configure the different subnets... at the overrides... or are there any tutorials you know for this... thank you
-
My suggestion was to set up two vpn servers, both with SSL/TLS and user auth.
E.g. user group A gets access to vpn server A.
port: 1194
peer cert. authority: A
tunnel subnet: 10.0.8.0/24
users and vpn server get certificates from CA A

User group B gets access to server B
port: 1195
peer cert. authority: B
tunnel subnet: 10.0.9.0/24
users and vpn server get certificates from CA B

Now you can filter the users in firewall rules by their tunnel subnet. Users of group A will have an IP in 10.0.8.0/24, users of B will have an IP in 10.0.9.0/24.
However, this only works with SSL-Auth.

Client specific overrides are also an option here, but if there are plenty of users in each group this will be a lot of work to configure.
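
The source-address filtering described in the reply above, as an added example that is not part of the original post: a first-match rule evaluator that audits whether a ruleset keeps group B inside its allowed segment. Only the two tunnel subnets come from the thread; the LAN range 192.168.1.0/24, the restricted range 192.168.1.64/26 and all function names are assumed values for illustration.

```python
from ipaddress import ip_address, ip_network

# Tunnel subnets from the thread; LAN and RESTRICTED are assumed sample ranges.
GROUP_A = ip_network("10.0.8.0/24")         # VPN server A, port 1194
GROUP_B = ip_network("10.0.9.0/24")         # VPN server B, port 1195
LAN = ip_network("192.168.1.0/24")          # assumption: the whole local network
RESTRICTED = ip_network("192.168.1.64/26")  # assumption: the part group B may reach
ANY = ip_network("0.0.0.0/0")

# Ordered top to bottom; the first matching rule decides.
RULES = [
    ("pass", GROUP_B, RESTRICTED),
    ("block", GROUP_B, ANY),
    ("pass", GROUP_A, LAN),
]

# A constructed mistake: a /23 source mask covers both tunnel subnets.
OVERBROAD = [("pass", ip_network("10.0.8.0/23"), LAN)]

def decide(src, dst, rules=RULES):
    """Return the action of the first rule matching src and dst."""
    src, dst = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "block"  # nothing matched: default deny

def audit(rules=RULES):
    """List each (group, LAN host, wanted, got) where rules deviate from intent."""
    intent = (("A", GROUP_A, LAN), ("B", GROUP_B, RESTRICTED))
    findings = []
    for host in LAN.hosts():
        for name, tunnel, allowed in intent:
            client = tunnel[1]  # any client address inside the tunnel subnet
            want = "pass" if host in allowed else "block"
            got = decide(client, host, rules)
            if got != want:
                findings.append((name, str(host), want, got))
    return findings

if __name__ == "__main__":
    print("intended ruleset findings:", len(audit(RULES)))
    print("overbroad ruleset findings:", len(audit(OVERBROAD)))
```
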
-
Thank you very much… I will try it... Thank you for your speedy reply
-
Thank you very much…it worked