Topology - separate subnets for Windows clients
-
Hi guys,
As described in the following article, I created some CSC overrides to separate specific users for different access:
https://openvpn.net/index.php/open-source/documentation/howto.html#policy
For an example:
The server is running in network 10.0.1.0, and the CSC override entry provides an address within 10.0.2.0 network for one of the users.
On Windows clients (in my case Windows 10, with OpenVPN client 2.4.2-I601 and TAP 9.21.2), this is running properly, but only when using "net30" topology.I already tried in the CSC settings the option "ifconfig-push 10.0.2.5 255.255.255.0" with "subnet" topology, instead of "ifconfig-push 10.0.2.5 10.0.2.6" with "net30" topology.
But with "subnet" topology it's not working on my Windows clients.As described in the following article, it should be possible, but in this case the client is in the same subnet than the server:
https://community.openvpn.net/openvpn/wiki/Topology
Would it be also possible to get this running properly with "subnet" topology and if the Windows clients are located in a different subnet than the server?
EDIT:
I'm running on pfsense 2.3.4.
Thanks,
snow -
You can create a OpenVPN instance for each group.
OVPN-1 - 10.8.1.0/24 - Group-1
OVPN-2 - 10.8.2.0/24 - Group-2
…..
etc. -
You can create a OpenVPN instance for each group.
OVPN-1 - 10.8.1.0/24 - Group-1
OVPN-2 - 10.8.2.0/24 - Group-2
…..
etc.If I understand correctly you need different WAN IP, or different Port/Proto for each instance.
But I would like to use only one WAN IP and Port/Proto. -
One WAN IP is sufficient.
OVPN-1 UDP or TCP listening on port 1194
OVPN-2 UDP or TCP listening on port 1294So, only port needs to be different.
Using one OVPN instance, I don`t know if is possible on pfSense.