Netgate Discussion Forum

Multiple VPN tunnel networks with RADIUS

    Richo 0
    last edited by Jul 4, 2022, 1:15 AM

    My understanding is that to give users different port access via OpenVPN (i.e. SSH for some and RDP for others), I need to create multiple VPN tunnel networks and assign separate rules. While this appears easy with internal authentication, I cannot see how to do this with RADIUS, as there is no way to map a network policy in RADIUS to a specific tunnel network in OpenVPN. Would someone point me in the direction on how to accomplish this?

    I am aware of this OpenVPN script (which I have not tested), but I was hoping for a method that did not involve modifying the system outside the GUI.
    OpenVPN post_auth link

    P.S. I am running the latest version of pfSense with VPN access working on RADIUS fine. Just after a solution for mapping network policies to tunnel networks.

    Thanks

      Richo 0
      last edited by Richo 0 Jul 4, 2022, 5:17 AM Jul 4, 2022, 4:25 AM

      The way I see it, I have two choices. I can get a second external IP address and link the client IP address as a second policy condition, although I doubt my ISP will want to hand out IPv4 hen's teeth and I am not keen on trailblazing IPv6. My other option is to set up a second RADIUS server, which is a bit clunky as well. Fortunately, at this stage I only need two different types of VPNs.
      I forgot to mention this is Windows Server RADIUS (NPS). Maybe I need to set up FreeRADIUS and use the rules from the man pages, or use LDAP?
