Dyn vlan assignment openvpn clients?



  • Is it possible to somehow configure the OpenVPN server in pfSense to add clients to a specific VLAN based on RADIUS groupreply?


  • Rebel Alliance Developer Netgate

    What is it you are trying to accomplish?

    OpenVPN clients can't be members of a "VLAN" in any meaningful way but that's a very vague question. You'll have to provide more detail about your goals and maybe a diagram of what you're trying to achieve.



  • Well, I have WiFi users who get a dynamic VLAN ID when they log on; this works great.
    I can add a user to a group so logged-on users get this specific VLAN ID from my RADIUS and MySQL.

    Now I thought it would be great if I could do something like that with OpenVPN. OpenVPN ends in the LAN now, right?
    I have a friend who travels around the world a lot. I'd like to give him OpenVPN access, but I would like to put those OpenVPN clients into a different VLAN.
    It would be even greater if I could do this based on user group VLAN IDs, like the wireless access points.



  • OpenVPN doesn't "end in LAN", you're confused. The VPN tunnel is terminated at the pfSense system after it gets in through the WAN interface (or whatever the incoming interface is), and standard routing is used to figure out where the traffic coming in from the VPN tunnel gets sent to.



  • OK, so I have to put rules on the OpenVPN interface to stop guest users from connecting to the other local interfaces.
    I could then use a different OpenVPN server for myself. But then I need to use a different authentication too, because otherwise guest users can still access all OpenVPN servers. So I could use the local user database for myself and FreeRADIUS for the guests' OpenVPN server. Not exactly what I was hoping I could do, but this way it may work.

    Thanks for clarifying the end point of the OpenVPN tunnel.