Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Client Specific Overrides Security

    OpenVPN
    3
    4
    335
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      McMurphy
      last edited by

      I see the IPv4 Local Network states:
      "These are the IPv4 server-side networks that will be accessible from this particular client. Expressed as a comma-separated list of one or more CIDR ranges or host/network type aliases.
      NOTE: Networks do not need to be specified here if they have already been defined on the main server configuration."

      Does this mean this IPv4 value can be used to restrict a dial in user to a particular network?

      I have been told the only way to restrict a dial in user user to a particular network is to create an OpenVPN server for each network and then have the user dial in on that network. This way FW rules can be employed to control network access.

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @McMurphy
        last edited by

        @McMurphy Those are the routes that will be told to the client.. You can always just firewall what you don't want them to access, or allow to access.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        M 1 Reply Last reply Reply Quote 0
        • M
          McMurphy @johnpoz
          last edited by

          @johnpoz
          Thank you but if all users on on the same VPN server how best to differentiate between users to firewall some and not others?

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @McMurphy
            last edited by

            @McMurphy said in Client Specific Overrides Security:

            but if all users on on the same VPN server how best to differentiate between users to firewall some and not others?

            With firewall rules.

            In the CSO you can state a unique virtual IP (tunnel network) for each client. Then you can use this in firewall rules as source to allow certain accesses.

            1 Reply Last reply Reply Quote 1
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.