Netgate Discussion Forum

    remote access client users > different VLANs

    OpenVPN
    4 Posts 3 Posters 550 Views
    • red_uk

      Hi,

      Long time lurker, first post.

      I've been looking for an excuse to get my hands properly dirty on pfSense, having been using Vyatta/EdgeRouters, Cisco and FortiGates for a while, but have been interested in pfSense's capabilities.

      I think I might have found that use case :)

      I have multiple VLANs internally which I need granted to external users securely from their client PCs on public IPs.

      I'm thinking along the lines of specific OpenVPN users being granted access to a specific VLAN.

      Has anyone built a similar config?

      Is there another completely different method of achieving this I've missed?

      I'd be grateful for any pointers.

      Chris.

      • red_uk

        Any takers? I've googled the tips of my fingers off on this one :/

        • Rico LAYER 8 Rebel Alliance

          AFAIK you can't just say User A gets access to VLAN20 and User B to VLAN30. In OpenVPN you want to use tun mode, which is Layer 3 anyway.
          BUT in pfSense you have your VLANs in Interfaces with IP subnets configured, right?
          Say VLAN20 is the 192.168.20.0/24 network, VLAN30 is 192.168.30.0/24.
          Sure, you can say User A is only allowed to talk to the 192.168.20.0/24 network, User B only to 192.168.30.0/24, with Firewall Rules.
          You can also run separate OpenVPN instances, one per VLAN, and route only the corresponding network to your connecting user. This will also spread the load. :-)

          -Rico

          • NogBadTheBad

            FreeRADIUS and hand out (framed) IP addresses that you can use in firewall rules for the clients. I do it with IPsec so I can access everything and friends can only access the internet.

            Sort of pointless if all the users' PCs on the LAN side of pfSense are on the same subnet.

            
            "andy" Cleartext-Password := "XXXXXXXX", Simultaneous-Use := "1", Expiration := "Apr 11 2027", NAS-Identifier == strongSwan 
            
            	Framed-IP-Address = 172.16.8.4,
            	Framed-IP-Netmask = 255.255.255.0,
            	Framed-Route = "0.0.0.0/0 172.16.8.1 1"
            
            

            Andy

            1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

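The two suggestions in the thread combine into one checkable design: a fixed Framed-IP-Address per VPN user, and firewall rules keyed on that address that allow only the user's VLAN subnet. The script below is an added example, not part of the thread or of pfSense; it parses a constructed users file in the layout posted above and evaluates a hypothetical first-match rule list to report any user who can reach a VLAN beyond the intended one. The user names, tunnel subnet, rule list and policy are assumptions.

```python
import ipaddress
import re

# Constructed users-file sample in the layout shown in the thread; the names,
# passwords and 10.8.0.0/24 tunnel addresses are assumptions for this example.
USERS_FILE = '''
"alice" Cleartext-Password := "CHANGEME", Simultaneous-Use := "1"
    Framed-IP-Address = 10.8.0.20,
    Framed-IP-Netmask = 255.255.255.0
"bob" Cleartext-Password := "CHANGEME", Simultaneous-Use := "1"
    Framed-IP-Address = 10.8.0.30,
    Framed-IP-Netmask = 255.255.255.0
'''
VLANS = {"VLAN20": "192.168.20.0/24", "VLAN30": "192.168.30.0/24"}  # from the thread
INTENDED = {"alice": {"VLAN20"}, "bob": {"VLAN30"}}  # assumed policy
# Hypothetical VPN-interface rules: top-down, first match wins, default deny.
# The last rule is a deliberate mistake for the audit to catch.
RULES = [
    ("pass", "10.8.0.20/32", "192.168.20.0/24"),
    ("pass", "10.8.0.30/32", "192.168.30.0/24"),
    ("pass", "10.8.0.0/24", "192.168.20.0/24"),
]

def framed_ips(text):
    """Map each user name to the Framed-IP-Address in its reply items."""
    users, current = {}, None
    for line in text.splitlines():
        if m := re.match(r'"([^"]+)"', line):
            current = m.group(1)
        elif current and (m := re.match(r"\s+Framed-IP-Address\s*=\s*([\d.]+)", line)):
            users[current] = ipaddress.ip_address(m.group(1))
    return users

def reachable(ip, rules):
    """VLANs whose first matching rule is a pass (any subnet overlap counts as a match)."""
    allowed = set()
    for name, cidr in VLANS.items():
        vlan = ipaddress.ip_network(cidr)
        for action, src, dst in rules:
            if ip in ipaddress.ip_network(src) and vlan.overlaps(ipaddress.ip_network(dst)):
                if action == "pass":
                    allowed.add(name)
                break  # first match wins; falling through means default deny
    return allowed

def audit(rules=RULES, text=USERS_FILE):
    """Return {user: VLANs reachable beyond the intended policy}."""
    extra = {u: reachable(ip, rules) - INTENDED.get(u, set()) for u, ip in framed_ips(text).items()}
    return {u: v for u, v in extra.items() if v}
```

With the sample rules, `audit()` flags bob for VLAN20 because the broad 10.8.0.0/24 rule matches his address; dropping that rule leaves each user confined to one VLAN.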
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.