Netgate Discussion Forum

Limit OpenVPN access for certain user to only certain IP in the local network

    emammadov
    last edited by Feb 6, 2017, 5:50 PM

    Hi all,
    I'd like to know if it's possible to limit the access for a certain user to a certain IP in my local network when connecting from VPN.

    The scenario is the following:
    - user1 and user2 connect via VPN using the OpenVPN client and can see all my internal network
    - user3 connects via VPN using the OpenVPN client but can only access one server with IP x.x.x.x
    - user4 connects via VPN using the OpenVPN client but can only access another server with IP x.x.x.y

    Is this possible? If yes, please let me know clearly what steps to take.

    Thanks in advance

    Elvin

      viragomann
      last edited by Feb 6, 2017, 9:46 PM

      When using SSL/TLS it is.

      Go to VPN > OpenVPN > Client specific overrides and add an override rule for each client you want to control by firewall rule.
      Select the VPN server, enter the user's common name as it is set in the user's certificate. At tunnel network enter a small subnet (/30) of the server tunnel network, e.g. if the tunnel network is 10.0.8.0/24 enter 10.0.8.156/30 for user3 and 10.0.8.160/30 for user4.
      In the IPv4 Local networks box enter the particular host address the user is allowed to access, e.g. x.x.x.x/32. Enter the other options to meet your needs.

      Now if one of these users connects he will get an IP of the specified subnet (the third IP of the subnet, first IP is the network, second the server) and you may use these IPs or also the whole subnets in firewall rules on OpenVPN tab to allow or restrict access for these users.

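The plan from the reply above, checked in code. This is an added example, not part of the original posts and not pfSense's own logic: it validates each per-user /30, derives the client address the reply describes, and evaluates a first-match rule list for the OpenVPN tab. The LAN host addresses (standing in for x.x.x.x and x.x.x.y), the rule layout and the function names are assumptions.

```python
import ipaddress

TUNNEL = "10.0.8.0/24"  # server tunnel network from the reply
# common name -> (override subnet from the reply, allowed host: constructed value)
PLAN = {"user3": ("10.0.8.156/30", "192.168.1.10"),
        "user4": ("10.0.8.160/30", "192.168.1.20")}
ANY = ipaddress.ip_network("0.0.0.0/0")

def client_address(tunnel_net, override_net):
    """Validate a per-user /30 override and return the address the client gets."""
    tunnel = ipaddress.ip_network(tunnel_net)
    sub = ipaddress.ip_network(override_net)  # raises ValueError if not aligned
    if sub.prefixlen != 30 or not sub.subnet_of(tunnel):
        raise ValueError(f"{override_net} must be a /30 inside {tunnel_net}")
    # Per the reply: first address is the network, second the server, third the client.
    return sub.network_address + 2

def build_rules(tunnel_net, plan):
    """Return an ordered (action, source, destination) list; layout is an assumption."""
    rules, seen = [], []
    for cn, (override, host) in plan.items():
        client_address(tunnel_net, override)  # rejects bad overrides early
        sub = ipaddress.ip_network(override)
        if any(sub.overlaps(other) for other in seen):
            raise ValueError(f"override for {cn} overlaps another user's subnet")
        seen.append(sub)
        rules.append(("pass", sub, ipaddress.ip_network(f"{host}/32")))
        rules.append(("block", sub, ANY))  # everything else from this user
    # Unrestricted users (user1, user2) fall through to a general pass rule.
    rules.append(("pass", ipaddress.ip_network(tunnel_net), ANY))
    return rules

def evaluate(rules, src, dst):
    """First matching rule wins; no match means block."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, s, d in rules:
        if src in s and dst in d:
            return action
    return "block"

RULES = build_rules(TUNNEL, PLAN)

if __name__ == "__main__":
    for cn, (override, host) in PLAN.items():
        ip = client_address(TUNNEL, override)
        print(cn, ip, "->", host, evaluate(RULES, ip, host))
```

The per-user block rules must sit above the general pass rule; with the order reversed, the restricted clients would match the pass rule first.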
        pfBasic Banned
        last edited by Feb 6, 2017, 9:53 PM

        You can assign static IPs to your clients.
        https://forum.pfsense.org/index.php?topic=77590.0
        https://www.iceflatline.com/2014/01/how-to-assign-static-ip-addresses-to-openvpn-clients-in-pfsense/

        Then write firewall rules to control each user via their static IP.

          emammadov
          last edited by Feb 8, 2017, 6:48 AM

          Thank you very much for your help.

          Elvin
