Netgate Discussion Forum

    2 Different OpenVPN instances w/ unique users?

      bamhm182

      I'm trying to figure out how I can do the following:

      OpenVPN1: 10.1.0.0/24
      OpenVPN2: 10.2.0.0/24

      User1: Can only sign into OpenVPN1, not OpenVPN2
      User2: Can only sign into OpenVPN2, not OpenVPN1

      I've tried setting up different CAs for OpenVPN1 and OpenVPN2. Users have their certs from their respective CAs. If I export the setup for OpenVPN1, and I try to log in with either User1 or User2, it works. I'm thinking this is because Remote Access (SSL/TLS + User Auth) validates that the OpenVPN file contains the SSL/TLS certs signed by the correct CA, and the User Auth allows for any user who is in the local database. Is there a way to only allow certain users to connect via certain OpenVPN instances?

      The only other semi-decent way I can think of to meet my end goal is to install FreeRadius and have OpenVPN1 auth via FreeRadius, and OpenVPN2 auth via Local Database. I'd really prefer to have all the VPN users in one place, but if there's no way to do it, I'll probably end up going this route.

      Thanks in advance for any ideas you have.

        viragomann

        @bamhm182 said in 2 Different OpenVPN instances w/ unique users?:

        If I export the setup for OpenVPN1, and I try to log in with either User1 or User2, it works.

        Yes, but only a user cert from the CA which is used by OpenVPN1 can connect.

        User2 has a cert from CA2 which is used by OpenVPN2 and cannot log in to OpenVPN1 with that.

          bamhm182 @viragomann

          @viragomann maybe I screwed up then. I had a root CA, and under that I had two intermediate CAs, one for each OVPN. They were both able to log in. I'll try making two root CAs.

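
An added example, not part of the thread and not pfSense's own code: plain X.509 path validation with the `openssl` CLI, comparing the two layouts discussed above (two intermediates under one root versus two separate roots). All CA and user names are constructed, and it is an assumption that an instance's trust bundle contains the shared root and that the client presents its own intermediate.

```sh
#!/bin/sh
# Constructed throwaway PKI; every name here is made up for this example.
set -e
cd "$(mktemp -d)"
printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
printf 'basicConstraints=CA:FALSE\n' > leaf.ext

# issue NAME ISSUER EXTFILE: create NAME.key and NAME.pem signed by ISSUER
# (self-signed when ISSUER equals NAME).
issue() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
    -subj "/CN=$1" -out "$1.csr" 2>/dev/null
  if [ "$1" = "$2" ]; then
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 1 \
      -extfile "$3" -out "$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
      -CAcreateserial -days 1 -extfile "$3" -out "$1.pem" 2>/dev/null
  fi
}

# verdict TRUSTED PRESENTED LEAF: "accept" if LEAF chains to a CA in TRUSTED,
# using the untrusted certificates in PRESENTED to build the path.
verdict() {
  if openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
  then echo accept; else echo reject; fi
}

# Layout A: one root, one intermediate per VPN instance.
issue root root ca.ext
issue int1 root ca.ext; issue int2 root ca.ext
issue user1 int1 leaf.ext; issue user2 int2 leaf.ext
cat int1.pem root.pem > vpn1-shared.pem   # assumed trust bundle of instance 1

# Layout B: a separate root per VPN instance (instance 1 trusts only root1).
issue root1 root1 ca.ext; issue root2 root2 ca.ext
issue alice root1 leaf.ext; issue bob root2 leaf.ext

echo "A user1 -> vpn1: $(verdict vpn1-shared.pem int1.pem user1.pem)"
echo "A user2 -> vpn1: $(verdict vpn1-shared.pem int2.pem user2.pem)"
echo "B alice -> vpn1: $(verdict root1.pem root1.pem alice.pem)"
echo "B bob   -> vpn1: $(verdict root1.pem root2.pem bob.pem)"
```

In layout A both users are accepted because either intermediate's path ends at the same trusted root; in layout B the certificate issued under the other root is rejected even when the client presents that root itself.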