Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Dyn vlan assignment openvpn clients?

    Scheduled Pinned Locked Moved OpenVPN
    5 Posts 3 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      Gerard64
      last edited by

      Is it possible to configure somehow openvpn server in pfsense to add clients to specific vlan based on radius groupreply?

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        What is it you are trying to accomplish?

        OpenVPN clients can't be members of a "VLAN" in any meaningful way but that's a very vague question. You'll have to provide more detail about your goals and maybe a diagram of what you're trying to achieve.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • G
          Gerard64
          last edited by

          Well I have wifi users get a dynamic vlan id wen they logon this works great.
          I can add a user in a group so logged on users get this specific vlan id from my radius and mysql.

          Now I thought would be great if i could do something like that with openvpn. OpenVPN end now in the lan right.
          I have a friend who travels around the world a lot i like to give him openvpn access but i would like to put those openvpn client into a different vlan.
          Would even greater wen i could do this based on user groups vlan id's like the wireless accesspoints.

          1 Reply Last reply Reply Quote 0
          • K
            kpa
            last edited by

            OpenVPN doesn't "end in LAN", you're confused. The VPN tunnel is terminated at the pfSense system after it gets in trough the WAN (or whatever the incoming interface is) interface and standard routing is used to figure out where the traffic coming in from the VPN tunnel gets sent to.

            1 Reply Last reply Reply Quote 0
            • G
              Gerard64
              last edited by

              Oke so I have to put rules into the openvpn interface to stop guest users from connecting to the other local interfaces.
              I could then use a different openvpn server for myself. But then I need to use a different authentication too because else guest users can still access all openvpn servers. So I could use local user database for myself and freeradius for the guests openvpn server. Not exactly what I was hoping I could do but this way it may work.

              Thanks for clarifing the end point of openvpn tunnel.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.