Client Specific Overrides



  • Hello,

    To give users different access to the network through the OpenVPN server, I create a "Client Specific Overrides" entry each time with a more specific "tunnel network".

    Example:

    OpenVPN Server tunnel network: 192.168.100.0/24
    User1: 192.168.156.64/26
    User2: 192.168.156.128/26

    And I create specific rules for each /26 prefix in the firewall.

    But since I updated my pfSense, all prefixes more specific than /25 do not work. The problem is that I cannot make a lot of /25s in a /24. Why is /26 or /27 no longer working? I cannot connect with the OpenVPN client.

    Thanks


  • LAYER 8 Global Moderator

    If you're using client overrides, why would you not just give the user a specific IP in your tunnel and then make your rules based upon their IP directly? Why would they need a /26? Are you wanting VPN users to be able to talk to each other while they are all connected to the VPN directly?

    If you want to use the /cidr in your firewall rules, that's fine to give a group of users access to something, etc. A few revs back they did change the default behavior of the topology and net30, etc.

    https://redmine.pfsense.org/issues/5526

    If you were using net30 you can change it back to that.



  • @johnpoz:

    why would you not just give the user specific IP in your tunnel

    Even better! But how do we specify a specific IP for a user in the tunnel? Same configuration (Client Specific Overrides) with a /32 CIDR?

