Netgate Discussion Forum

    OVPN Single site, multiple remote users

    • B
      bgroper

      Hello forum
      I posted my question at this link, because the spam blocker won't let me post directly here.
      https://imgur.com/a/DuXs9LF
      Sorry I can't do it a-better-way.
      Thanks for any replies.

      I'm not a complete idiot. There's still a few pieces missing.

      • GertjanG
        Gertjan

        Hi,

        So you have OpenVPN, using the OpenVPN server on pfSense working.
        OpenVPN clients will have access to your company LAN, which hosts these PCs.

        If every user has the Windows user credentials of their own PC, they should be able to log in, using RDP, to their own PC - and not the other PCs ... right?

        Never tried, but it might be possible to give every OpenVPN user a dedicated 'fixed' IP on the VPN tunnel network.
        Like DHCP versus static IP.
        Then you could make a firewall rule on the OpenVPN firewall interface that 'locks' every connected VPN user to their PC only.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • B
          bgroper

          Yes, that about sums it up.
          OpenVPN is up and running.
          Everyone knows how to login to their own Windoze boxen.
          Right now I'm hoping all the users can connect via the 10.1.1.0/24 subnet, and login to their windoze.
          One-to-one mapping between remote users and their personal desktops is the objective.
          TIA's for any clues or tips.

          • RicoR
            Rico LAYER 8 Rebel Alliance

            With CSOs (Client Specific Overrides) you can bind Users to a fixed IP address inside your OpenVPN tunnel network.
            After that you can go crazy with the Rules per User like I do. 😁
            pfSense_OpenVPN_User-Rules.png
            You can also group Users with Firewall Aliases and use them in Firewall Rules, depends on how complex your setup is.

            -Rico

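The approach described above (a fixed tunnel IP per user via CSO, then per-user rules) can be checked mechanically. The following is an added example, not code from the thread or from pfSense: it models the rules on the OpenVPN interface as first-match with default deny and reports any tunnel IP that can reach a PC other than its own over RDP. The user names, LAN addresses and rule list are constructed sample data; only the 10.1.1.0/24 tunnel subnet comes from the thread.

```python
import ipaddress

TUNNEL_NET = ipaddress.ip_network("10.1.1.0/24")  # tunnel subnet named in the thread
RDP = 3389

# Constructed sample data (hypothetical users and LAN addresses).
CSO = {"alice": "10.1.1.10", "bob": "10.1.1.11", "carol": "10.1.1.12"}
DESKTOP = {"alice": "192.168.1.50", "bob": "192.168.1.51", "carol": "192.168.1.52"}

# Rules on the OpenVPN interface, evaluated top-down, first match wins;
# anything unmatched is dropped (implicit default deny). Port None = any port.
RULES = [
    ("pass", "10.1.1.10/32", "192.168.1.50/32", RDP),
    ("pass", "10.1.1.11/32", "192.168.1.51/32", RDP),
    ("pass", "10.1.1.12/32", "192.168.1.0/24", RDP),  # too broad: reaches every PC
]

def allowed(rules, src, dst, port):
    """First-match evaluation; True only if the first matching rule is a pass."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rsrc, rdst, rport in rules:
        if (s in ipaddress.ip_network(rsrc) and d in ipaddress.ip_network(rdst)
                and rport in (port, None)):
            return action == "pass"
    return False

def audit(cso, desktop, rules):
    """Return a sorted list of findings that break the one-to-one mapping."""
    findings, seen = [], {}
    for user, ip in cso.items():
        if ipaddress.ip_address(ip) not in TUNNEL_NET:
            findings.append(f"{user}: {ip} is outside {TUNNEL_NET}")
        if ip in seen:
            findings.append(f"{user}: shares {ip} with {seen[ip]}")
        seen.setdefault(ip, user)
        for owner, pc in desktop.items():
            ok = allowed(rules, ip, pc, RDP)
            if owner == user and not ok:
                findings.append(f"{user}: cannot reach own PC {pc}")
            if owner != user and ok:
                findings.append(f"{user}: can reach {owner}'s PC {pc}")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit(CSO, DESKTOP, RULES):
        print(line)
```

A user without a CSO entry is not covered by this check, because that client's tunnel address is not fixed and no per-user rule can be tied to it.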
            • B
              bgroper @Rico

              @Rico said in OVPN Single site, multiple remote users:

              With CSOs (Client Specific Overrides) you can bind Users to a fixed IP address inside your OpenVPN tunnel network.

              Thanks for the reply. I'll do some review, reading, research of CSOs.

              • B
                bgroper @Rico

                @Rico
                Thanks for the suggestion.
                That works really nicely. Just like having a DHCP server handing out "static" IP addresses, in the OpenVPN subnet.
                I give you a thumbs up.
