<![CDATA[[SOLVED] per user rules]]>Hi,

I successfully configured my pfSense with the new traffic filtering function. I would like to have different rules depending of the openVPN user.
I believe that could be done by forcing a specific IP address based upon the CN found in the client certificate. The rules would apply based upon this IP address. Is that the right thing to do?
This can apparently done in the Client-specific configuration page. However I'm not sure about what to put here. My openVPN address is 192.168.100.0/24 and my LAN is 192.168.0.0/24. Can you help me with those settings?

Interface IP
Set this option to push an IP to the client's interface. Expressed as a CIDR range (e.g. 10.5.0.0/16). The first IP in the range will be used as the remote IP of the interface, and the second IP will be used as the local IP of the interface.

Custom options
You can put your own custom options here, separated by semi-colons (;). They'll be added to the client-specific configuration.

Thank you
Alphazo

]]>https://forum.netgate.com/topic/20149/solved-per-user-rulesRSS for NodeWed, 15 Apr 2026 22:26:01 GMTTue, 22 Dec 2009 17:36:53 GMT60<![CDATA[Reply to [SOLVED] per user rules on Tue, 22 Dec 2009 18:02:21 GMT]]>Nice.. thank you very much. When I put 192.168.100.8/30 in the client config, I was able to set filtering rules for the IP 192.168.100.9.

]]>https://forum.netgate.com/post/217214https://forum.netgate.com/post/217214Tue, 22 Dec 2009 18:02:21 GMT<![CDATA[Reply to [SOLVED] per user rules on Tue, 22 Dec 2009 17:51:34 GMT]]>You have to put exactly what it tells you:
If 192.168.100.0/24 is your OpenVPN subnet, then the first client will need 192.168.100.4/30, the second 192.168.100.8/30, etc.

]]>https://forum.netgate.com/post/217210https://forum.netgate.com/post/217210Tue, 22 Dec 2009 17:51:34 GMT