• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

[SOLVED] per user rules

Scheduled Pinned Locked Moved OpenVPN
3 Posts 2 Posters 2.4k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    alphazo
    last edited by Dec 22, 2009, 6:00 PM Dec 22, 2009, 5:36 PM

    Hi,

    I successfully configured my pfSense with the new traffic filtering function. I would like to have different rules depending of the openVPN user.
    I believe that could be done by forcing a specific IP address based upon the CN found in the client certificate. The rules would apply based upon this IP address. Is that the right thing to do?
    This can apparently done in the Client-specific configuration page. However I'm not sure about what to put here. My openVPN address is 192.168.100.0/24 and my LAN is 192.168.0.0/24. Can you help me with those settings?

    Interface IP
    Set this option to push an IP to the client's interface. Expressed as a CIDR range (e.g. 10.5.0.0/16). The first IP in the range will be used as the remote IP of the interface, and the second IP will be used as the local IP of the interface.

    Custom options
    You can put your own custom options here, separated by semi-colons (;). They'll be added to the client-specific configuration.

    Thank you
    Alphazo

    1 Reply Last reply Reply Quote 0
    • G
      GruensFroeschli
      last edited by Dec 22, 2009, 5:51 PM

      You have to put exactly what it tells you:
      If 192.168.100.0/24 is your OpenVPN subnet, then the first client will need 192.168.100.4/30, the second 192.168.100.8/30, etc.

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

      1 Reply Last reply Reply Quote 0
      • A
        alphazo
        last edited by Dec 22, 2009, 6:02 PM

        Nice.. thank you very much. When I put 192.168.100.8/30 in the client config, I was able to set filtering rules for the IP 192.168.100.9.

        1 Reply Last reply Reply Quote 0
        1 out of 3
        • First post
          3/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received