Multiple VPN tunnel networks with RADIUS
-
My understanding is that to give users different port access via OpenVPN (i.e. SSH for some and RDP for others), I need to create multiple VPN tunnel networks and assign separate rules. While this appears easy with internal authentication, I cannot see how to do this with RADIUS, as there is no way to map a network policy in RADIUS to a specific tunnel network in OpenVPN. Would someone point me in the direction of how to accomplish this?
I am aware of this OpenVPN script (which I have not tested), but I was hoping for a method that did not involve modifying the system outside the GUI.
OpenVPN post_auth link
P.S. I am running the latest version of pfSense with VPN access working on RADIUS fine. Just after a solution for mapping network policies to tunnel networks.
Thanks
-
The way I see it, I have two choices. I can get a second external IP address and link the client IP address as a second policy condition, although I doubt my ISP will want to hand out IPv4 hen's teeth and I am not keen on trailblazing IPv6. My other option is to set up a second RADIUS server, which is a bit clunky as well. Fortunately, at this stage I only need two different types of VPNs.
I forgot to mention this is Windows Server RADIUS (NPS). Maybe I need to set up FreeRADIUS and use the rules from the man pages, or use LDAP?