OpenVPN Firewalling User specific
-
In the OpenVPN firewall section, is it possible to firewall per user (rather than by IP or port)?
They are allocated random WAN IP addresses so I don't know who is who,
and only certain users should be able to get to certain systems. -
Sorry, that should obviously be LAN IP addresses.
-
@TSO2
I doubt pfSense will ever have user based rules. But you could make a DHCP reservation based on MAC address, so the DHCP server will always hand out the same IP to the same MAC address (network card), and then filter on that specific IP address. I missed the OpenVPN part, see viragomann's post below for a solution.
-
@TSO2 said in OpenVPN Firewalling User specific:
They are allocated random WAN IP addresses so I don't know who is who
They are allocated an IP out of the VPN tunnel network, unless you're running the server in tap mode and have it bridged to an interface.
To allocate a specific IP to a certain user you can configure client specific overrides based on the username or the common name in his SSL certificate.
@TSO2 said in OpenVPN Firewalling User specific:
and only certain users should be able to get to certain systems
However, for a few groups of users I'd set up a separate OpenVPN server for each group, each with a unique tunnel network. Then it's easy to assign specific rules to a user group.
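As an added illustration of the client specific override approach (not from any poster in this thread, and not pfSense's own generated files): the OpenVPN server directives, two per-CN override files and the firewall rules that pin each user to one tunnel address and then filter on that address. The interface name ovpns1, tunnel network 10.8.0.0/24, CNs alice and bob, the LAN hosts and the ccd path are all assumed values; pfSense writes equivalent files from the GUI fields.

```conf
# --- OpenVPN server side (what the pfSense server page produces) ---
# Assumed: tunnel network 10.8.0.0/24, topology subnet (pfSense default).
dev tun
topology subnet
server 10.8.0.0 255.255.255.0
client-config-dir /etc/openvpn/ccd   # assumed path; one file per CN/username
ccd-exclusive   # refuse clients that have no override file, so every
                # connected user sits on an address the rules below expect
# Do NOT enable duplicate-cn here: two sessions sharing a CN would fight
# over the same pushed address and the per-user rules would be meaningless.

# --- Override for CN "alice" (file /etc/openvpn/ccd/alice) ---
ifconfig-push 10.8.0.10 255.255.255.0

# --- Override for CN "bob" (file /etc/openvpn/ccd/bob) ---
ifconfig-push 10.8.0.11 255.255.255.0

# --- Firewall rules on the OpenVPN server interface (pf syntax) ---
# Assumed LAN targets: 192.168.1.50 (RDP host), 192.168.1.60 (web host).
# Specific allows first, then a catch-all block for the whole tunnel network,
# so an address that is not explicitly listed reaches nothing on the LAN.
pass in quick on ovpns1 inet proto tcp from 10.8.0.10 to 192.168.1.50 port 3389 keep state
pass in quick on ovpns1 inet proto tcp from 10.8.0.11 to 192.168.1.60 port { 80 443 } keep state
block in quick on ovpns1 inet from 10.8.0.0/24 to any
```

With "Username as Common Name" enabled on the pfSense server, the override file is matched on the login name instead of the certificate CN, which is the username-based variant mentioned above.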
-
@viragomann said in OpenVPN Firewalling User specific:
@TSO2 said in OpenVPN Firewalling User specific:
They are allocated random WAN IP addresses so I don't know who is who
WAN was changed to LAN in OP's next post.
-
@bingo600 said in OpenVPN Firewalling User specific:
WAN was changed to LAN in OP's next post.
That doesn't matter, neither WAN nor LAN makes any sense to me,
unless the server is in tap mode.
But for tap he will rarely get support here. -
@viragomann
D'oh
My mistake, I totally missed the OpenVPN part ...
Assigned & LAN triggered DHCP in my mindset -
@bingo600
And I was wondering, you're taking up a lot of work gathering all the MACs of virtual VPN adapters the clients have in use. -
That is interesting and something I hadn't thought about:
assigning user groups per subnet.
As they have all already been applied and distributed that will take some work,
but it is a solution.
Thank you