4. Firewalling openvpn clients based on radius

Firewalling openvpn clients based on radius

  • O

    Question and I am open to any suggestion on a better way to accomplish this.

    I am trying to find the best way to isolate VPN clients to specific networks based on something like Radius or ldap. Is it possible to push firewall rules to pfsense based on Radius auth?

    Basically something like this.

    User1 = VLAN10, 10.10.0.xx/24
    User2 = VLAN20, 10.20.0.xx/24
    User3 = VLAN30, 10.30.0.xx/24 & VLAN20, 10.20.0.xx/24

    I know I can push specific routes to accomplish something close to this but I like to push firewall rules or something..

    Suggestions?

    0
  • O

    I found on the features list it supports inACL and outACL but cannot locate any documentation. This sounds like what I am looking for I beleive.

    0
  • Rebel Alliance Developer Netgate

    The inacl/outacl support is there and it uses cisco-style ACL syntax (e.g. "permit tcp from any to any". It's documented in the book but I don't think it's written up anywhere else pfSense-specific that's public.

    The syntax should be the same as anything else that does inacl/outacl via RADIUS replies, so you can probably find some more general documentation that isn't specifically about pfSense, but should still work.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy