Netgate Discussion Forum
Design question

OpenVPN
2 Posts 1 Posters 431 Views
    maverick_slo
    last edited by Jan 20, 2018, 11:11 AM

    Hi!

    I have a plan to configure a VPN server on port 443 for about 450 devices (using a /23)…
    250-300 of them with one set of rules
    100 of them with another set
    50 of them with another set

    Auth via LDAP (AD).
    Some users have 2 devices (same LDAP username) and each of them requires a different set of rules (access).

    So I disabled "username as common name" in the .inc file (btw this should be a configurable option) and issued 2 certs with different common names for this client that I can use with client overrides. For the second device I created an override with a static IP and I can manage rules just fine.

    Would this be best approach?

    For example:

    192.168.1.0/23 is subnet
    192.168.1.2 - 192.168.2.50 --> One IP assignment pool (default pool)
    192.168.2.51-192.168.2.150 --> Second pool (client override)
    192.168.2.151-192.168.2.200 --> third pool (client override)
    192.168.2.201-END --> exception pool, config one by one (client override)

    This way I can work with aliases and craft FW rules really nicely, but there is a lot of manual work with client overrides.

    Thoughts and suggestions are most welcome :)

    P.S.
    1. Only one vpn server is possible
    2. 443 TCP is a must
    3. Topology subnet is a must
    4. TUN only

      maverick_slo
      last edited by Feb 12, 2018, 3:53 PM

      :)

      No opinions at all?
      Is this such a bad config approach that no one will even comment on it? :)

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.