How to setup OpenVpn access for groups of users
-
I would like to setup access to our network based on group user belong to.
For example
User1, and user2 have access to network 192.168.1.0/255, user3 and user4 only to a specific host (e.g 192.168.1.100/32)
Is it possible?
-
You can either install seperate OpenVPN servers with a unique tunnel subnets and ports for listening to for each user group. Each with its own CA for users and server cert. So you can differ your vpn clients by the tunnel subnets.
Or you use client specific overrides to assign a particular IP of the common tunnel to each user and control access by these client IP addresses.
https://doc.pfsense.org/index.php/OpenVPN_multi_purpose_single_server#OpenVPN_Client_specific_overridesBoth only works with SSL/TLS server.
-
Thank you.