Netgate Discussion Forum

    Different ACCESS for each VPN USER

      lightsaver

      Hi guys
      I have a VPN server built with pfSense, and I would like that when my external workers access the network over VPN they can access the local network... but when a particular group of users connect, they are restricted to a particular part of my network... Could someone please direct me to the right information, or how I should configure it?
      I will be grateful

        viragomann

        Set up a particular VPN server for each security group, each with a different tunnel subnet, and control the access by the source addresses.

          lightsaver

          Thank you very much for your reply... I am very grateful... but where do I configure the different subnets... at the overrides... or are there any tutorials you know for this... Thank you

            viragomann

            My suggestion was to set up two VPN servers, both with SSL/TLS and user auth.

            E.g. user group A gets access to vpn server A.
            port: 1194
            peer cert. authority: A
            tunnel subnet: 10.0.8.0/24
            users and vpn server get certificates from CA A

            user group B gets access to server B
            port: 1195
            peer cert. authority: B
            tunnel subnet: 10.0.9.0/24
            users and vpn server get certificates from CA B

            Now you can filter the users in the firewall rules by their tunnel subnet. Users of group A will have an IP in 10.0.8.0/24, users of B will have an IP in 10.0.9.0/24.
            However, this only works with SSL-Auth.

            Client-specific overrides are also an option here, but if there are plenty of users in each group, this will be a lot of work to configure.

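The plan from the answer above can be checked before it is entered in pfSense. This is an added example, not part of the original posts: the tunnel subnets are the ones from the thread, while the LAN range, the restricted segment and the rule table are assumed values.

```python
import ipaddress as ip

# Tunnel subnets come from the thread; LAN and RESTRICTED are assumptions.
TUNNEL_A = ip.ip_network("10.0.8.0/24")        # server A, port 1194, CA A
TUNNEL_B = ip.ip_network("10.0.9.0/24")        # server B, port 1195, CA B
LAN = ip.ip_network("192.168.1.0/24")          # assumed local network
RESTRICTED = ip.ip_network("192.168.1.64/26")  # assumed part group B may reach

# Assumed rule table for the VPN side: evaluated top-down, first match wins.
RULES = [
    ("pass", TUNNEL_A, LAN),
    ("pass", TUNNEL_B, RESTRICTED),
]


def overlaps(networks):
    """Return overlapping pairs; any hit makes source-based filtering ambiguous."""
    nets = list(networks)
    return [(a, b) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


def decide(src, dst, rules=RULES):
    """First-match evaluation; traffic that no rule passes is blocked."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "block"


def audit(rules=RULES):
    """Return pass rules whose source is not exactly one group's tunnel subnet.

    A wider source (for example 0.0.0.0/0) placed above the group rules
    matches group B first and cancels the restriction.
    """
    return [r for r in rules if r[0] == "pass" and r[1] not in (TUNNEL_A, TUNNEL_B)]


if __name__ == "__main__":
    print("overlaps:", overlaps([TUNNEL_A, TUNNEL_B, LAN]))
    for src, dst in [("10.0.8.10", "192.168.1.200"),   # group A, anywhere on LAN
                     ("10.0.9.10", "192.168.1.70"),    # group B, inside its segment
                     ("10.0.9.10", "192.168.1.200")]:  # group B, outside its segment
        print(src, "->", dst, decide(src, dst))
    print("too-wide pass rules:", audit())
```
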
              lightsaver

              Thank you very much... I will try it... Thank you for your speedy reply

                lightsaver

                Thank you very much... it worked

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.