OpenVPN IPSEC ISOLATION
-
Hello all,
I have an IPsec connection between two pfSense boxes, as below:
LAN1 (192.168.17.0/24) ---- pfSense1 ---- IPsec ---- pfSense2 ---- LAN2 (10.3.4.0/20).
I added an OpenVPN connection to my first LAN1, on the network 192.168.18.0/24.
My topology works well: with my mobile I can reach the 10.3.4.X devices through the OpenVPN and IPsec tunnels. My question is about isolating the OpenVPN clients.
For example, toto1 gets an IP address on the OpenVPN and can reach only the 10.3.4.Y devices...
In the long term, I will have more than 300 users, and I cannot just use firewall rules... I need a scalable solution to do that.
Moreover, the users cannot ping other users, even in the same subnet. So my questions:
How to isolate OpenVPN networks? iptables?
How can I log the users? LDAP? VLAN? Thank you for your time, your thoughts and your suggestions.
Sorry for my English.
A+