Netgate Discussion Forum

    Firewalling openvpn clients based on radius

omnipotens:

      Question and I am open to any suggestion on a better way to accomplish this.

      I am trying to find the best way to isolate VPN clients to specific networks based on something like Radius or ldap. Is it possible to push firewall rules to pfsense based on Radius auth?

      Basically something like this.

      User1 = VLAN10, 10.10.0.xx/24
      User2 = VLAN20, 10.20.0.xx/24
      User3 = VLAN30, 10.30.0.xx/24 & VLAN20, 10.20.0.xx/24

      I know I can push specific routes to accomplish something close to this but I like to push firewall rules or something..

      Suggestions?

omnipotens:

I found on the features list that it supports inACL and outACL but cannot locate any documentation. This sounds like what I am looking for, I believe.

jimp (Rebel Alliance Developer, Netgate):

The inacl/outacl support is there and it uses Cisco-style ACL syntax (e.g. "permit tcp from any to any"). It's documented in the book but I don't think it's written up anywhere else pfSense-specific that's public.

          The syntax should be the same as anything else that does inacl/outacl via RADIUS replies, so you can probably find some more general documentation that isn't specifically about pfSense, but should still work.

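The following is an added example, not code from this thread or from pfSense. It takes the per-user network mapping from the first post and produces the kind of RADIUS reply a server such as FreeRADIUS would send: one Cisco-AVPair value per ACL line, keyed `ip:inacl#N=`, ending in an explicit `deny ip any any` so the permit lines restrict rather than merely add. The usernames, passwords and the `users`-file rendering are assumptions for illustration; the ACL lines follow Cisco IOS extended-ACL syntax with wildcard masks, and whether pfSense parses exactly this dialect (as opposed to the `from ... to ...` form quoted above) is something to confirm against the pfSense book, not something this script checks. The parser at the end mirrors what a consumer of these attributes has to do before turning them into firewall rules.

```python
"""Generate and parse Cisco-AVPair ip:inacl ACLs for per-user VPN isolation.

Added example. Constructed mapping below reproduces the thread's example
(User1 -> VLAN10 net, User2 -> VLAN20 net, User3 -> VLAN30 + VLAN20 nets).
"""
import ipaddress

# Constructed data: usernames and networks are assumptions, not from the page.
USER_NETWORKS = {
    "user1": ["10.10.0.0/24"],
    "user2": ["10.20.0.0/24"],
    "user3": ["10.30.0.0/24", "10.20.0.0/24"],
}


def wildcard_mask(net: ipaddress.IPv4Network) -> str:
    """Cisco wildcard mask: the bitwise inverse of the netmask (0.0.0.255 for /24)."""
    return str(net.hostmask)


def build_inacl(networks, deny_rest=True):
    """Return ordered Cisco-style ACL lines: permit each network, then deny all.

    The trailing 'deny ip any any' is what isolates the client; a permit-only
    ACL would leave any implicit default behaviour of the consumer in place.
    """
    lines = []
    for cidr in networks:
        net = ipaddress.ip_network(cidr, strict=True)  # reject host bits set
        lines.append(f"permit ip any {net.network_address} {wildcard_mask(net)}")
    if deny_rest:
        lines.append("deny ip any any")
    return lines


def cisco_avpairs(networks):
    """Wrap ACL lines as numbered Cisco-AVPair values: ip:inacl#1=..., ip:inacl#2=..."""
    return [f"ip:inacl#{i}={line}"
            for i, line in enumerate(build_inacl(networks), start=1)]


def freeradius_users_entry(username, password, networks):
    """Render one FreeRADIUS 'users'-file entry (assumed format; password is a placeholder).

    '+=' is used so every Cisco-AVPair value is appended to the reply rather
    than only the first one being kept.
    """
    reply = [f'\tCisco-AVPair += "{p}",' for p in cisco_avpairs(networks)]
    reply[-1] = reply[-1].rstrip(",")  # last reply item carries no trailing comma
    return "\n".join([f'{username}\tCleartext-Password := "{password}"'] + reply)


def render_all(mapping, password="changeme"):
    """Render entries for every user in the mapping, blank-line separated."""
    return "\n\n".join(freeradius_users_entry(u, password, nets)
                       for u, nets in mapping.items())


def parse_acl_line(line):
    """Parse '<permit|deny> <proto> <src> <dst> [eq <port>]' into its parts.

    src/dst may be 'any', 'host A.B.C.D', or 'A.B.C.D W.W.W.W' (wildcard mask).
    Addresses are normalised to CIDR so they can be fed to a firewall backend.
    """
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] not in ("permit", "deny"):
        raise ValueError(f"bad ACL line: {line!r}")
    action, proto, rest = tokens[0], tokens[1], tokens[2:]

    def take_addr(toks):
        if toks[0] == "any":
            return "0.0.0.0/0", toks[1:]
        if toks[0] == "host":
            return f"{toks[1]}/32", toks[2:]
        # ipaddress accepts a host (wildcard) mask in place of a prefix length
        net = ipaddress.ip_network(f"{toks[0]}/{toks[1]}", strict=False)
        return str(net), toks[2:]

    src, rest = take_addr(rest)
    dst, rest = take_addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}


if __name__ == "__main__":
    print(render_all(USER_NETWORKS))
```

Running the block prints three `users` entries; `user3` gets two permit lines followed by the deny. If pfSense's parser expects the `from ... to ...` wording quoted in the answer above, only `build_inacl` needs to change; the attribute numbering and the closing deny are the parts that matter for isolation.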
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.