Different ACCESS for each VPN USER



  • Hi guys
    I have a VPN server built with pfSense, and I would like that when my external workers access the network over VPN they can access the local network... but when a particular group of users connects, they are restricted to a particular part of my network... Could someone please direct me to the right information... or how I should configure it?
    I will be grateful



  • Set up a particular VPN server for each security group, each with different tunnel subnet, and control the access by the source addresses.



  • Thank you very much for your reply... I am very grateful... but where do I configure the different subnets... at the overrides... or are there any tutorials you know for this... thank you



  • My suggestion was to set up two vpn servers, both with SSL/TLS and user auth.

    E.g. user group A gets access to vpn server A.
    port: 1194
    peer cert. authority: A
    tunnel subnet: 10.0.8.0/24
    users and vpn server get certificates from CA A

    user group B gets access to server B
    port: 1195
    peer cert. authority: B
    tunnel subnet: 10.0.9.0/24
    users and vpn server get certificates from CA B

    Now you can filter the users in firewall rule by their tunnel subnet. Users of group A will have an IP in 10.0.8.0/24, users of B will have an IP in 10.0.9.0/24.
    However, this only works with SSL-Auth.

    Client-specific overrides are also an option here, but if there are plenty of users in each group this will be a lot of work to configure.
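
Added example, not part of the original posts: a Python check of the filtering plan from the answer above, modelling the firewall rules as an ordered first-match list with default deny. The tunnel subnets and ports come from the post; the LAN ranges, both rule lists and all function names are assumptions made for illustration.

```python
import ipaddress

net = ipaddress.ip_network

TUNNEL_A = net("10.0.8.0/24")  # from the post: VPN server A, port 1194
TUNNEL_B = net("10.0.9.0/24")  # from the post: VPN server B, port 1195
LAN = net("192.168.1.0/24")    # assumption: the whole local network
PART = net("192.168.1.64/27")  # assumption: the part group B may reach

# (action, source, destination), evaluated top-down; no match means deny.
RULES = [
    ("pass", TUNNEL_A, LAN),
    ("pass", TUNNEL_B, PART),
]

# Constructed mistake: a broad pass placed above the group B restriction.
MISORDERED = [
    ("pass", net("10.0.0.0/16"), LAN),
    ("pass", TUNNEL_B, PART),
    ("block", TUNNEL_B, LAN),
]


def allowed(rules, src, dst):
    """Return True if the first rule matching src -> dst is a pass rule."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rule_src, rule_dst in rules:
        if src in rule_src and dst in rule_dst:
            return action == "pass"
    return False


def tunnels_overlap(*tunnels):
    """True if any two tunnel subnets share addresses (groups would blur)."""
    return any(a.overlaps(b)
               for i, a in enumerate(tunnels) for b in tunnels[i + 1:])


def shadowed(rules):
    """Indexes of rules fully covered by an earlier rule, so they never match."""
    return [i for i, (_, src, dst) in enumerate(rules)
            if any(src.subnet_of(s) and dst.subnet_of(d)
                   for _, s, d in rules[:i])]


if __name__ == "__main__":
    print("group B -> 192.168.1.10:", allowed(RULES, "10.0.9.5", "192.168.1.10"))
    print("shadowed rules in MISORDERED:", shadowed(MISORDERED))
```

Running `shadowed()` over a planned rule order before entering it in the firewall catches the case where a broad pass rule silently gives the restricted group the same access as everyone else.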



  • Thank you very much... I will try it... Thank you for your speedy reply



  • Thank you very much…it worked