2 Different OpenVPN instances w/ unique users?



  • I'm trying to figure out how I can do the following:

    OpenVPN1: 10.1.0.0/24
    OpenVPN2: 10.2.0.0/24

    User1: Can only sign into OpenVPN1, not OpenVPN2
    User2: Can only sign into OpenVPN2, not OpenVPN1

    I've tried setting up different CAs for OpenVPN1 and OpenVPN2. Users have their certs from their respective CAs. If I export the setup for OpenVPN1, and I try to log in with either User1 or User2, it works. I'm thinking this is because Remote Access (SSL/TLS + User Auth) validates that the OpenVPN file contains the SSL/TLS certs signed by the correct CA, and the User Auth allows for any user who is in the local database. Is there a way to only allow certain users to connect via certain OpenVPN instances?

    The only other semi-decent way I can think of to meet my end goal is to install FreeRadius and have OpenVPN1 auth via FreeRadius, and OpenVPN2 auth via Local Database. I'd really prefer to have all the VPN users in one place, but if there's no way to do it, I'll probably end up going this route.

    Thanks in advance for any ideas you have.



  • @bamhm182 said in 2 Different OpenVPN instances w/ unique users?:

    If I export the setup for OpenVPN1, and I try to log in with either User1 or User2, it works.

    Yes, but only a user cert from the CA which is used by OpenVPN1 can connect.

    User2 has a cert from CA2 which is used by OpenVPN2 and cannot log in to OpenVPN1 with that.



  • @viragomann maybe I screwed up then. I had a root CA, and under that I had two intermediate CAs, one for each OVPN. They were both able to log in. I'll try making two root CAs.


© Copyright 2002 - 2018 Rubicon Communications, LLC