OpenVPN for different users
Hi, I need to setup a pfSense/OpenVPN combo whose goal is to have groups/categories of people able to connect from outside.
Each group/category must have a specific access policy, and I don't want to manage single users.
My idea consists in creating N server certificates, one for each group, spawn a OpenVPN instance for any of them and set each OpenVPN instance to release a specific pool of addresses.
Now, without the ability to filter OpenVPN incoming traffic, I realized I had to NAT to the inside IP interface only for permitted communications: without a NAT servers on the Inside interfaces havo no routes to the VPN Clients.
Is there a more intelligent way to achieve the same result?
You can try to create N server in the OpenVPN page setup, with different port and different certificate…