OVPN Multi-user Filter



  • I've searched all through the forums for a solution to my issue with no luck. I'm hoping someone could help me out.

    I've successfully got OpenVPN connections through the standard setup. I now want to apply custom filters to my VPN users. I've successfully applied filters to my OVPN (using the Disable all auto-added VPN rules) based on one user.

    What I would like to accomplish is something similar to the following.

    OVPN User1 - Address pool 10.1.0.0/24 --> Connect to Entire LAN (LAN=10.11.0.0/24)
    OVPN User2 - Address pool 10.2.0.0/24 --> Connect to Server1 10.11.0.11 (LAN=10.11.0.0/24)
    OVPN User3 - Address pool 10.3.0.0/24 --> Connect to Server1 & Server2 10.11.0.11 & 10.11.0.12 (LAN=10.11.0.0/24)

    Is it possible to set up multiple interfaces for this?

    Example

    User1 - TUN1
    User2 - TUN2
    User3 - TUN3

    Currently using v1.2.3 with 2 NICs (WAN & LAN) with TUN1 set up on the Opt1 interface.

    How would I go about this? Perhaps I'm overthinking this or it's simply not possible with v1.2.3? Any help would be appreciated.

    Thanks


  • Rebel Alliance Developer Netgate

    You could use a separate OpenVPN instance for each user, but it's also possible (and arguably better) to use a single instance and use the Client-Specific Configuration to force each user to a specific source IP address and then filter based on that.



  • I'll have to use your suggestion because I can't get more than one Opt interface to show anyway.

    So correct me if I'm wrong, you suggest to create 1 OVPN server (server tab); then create Client-Specific users (Client-Specific Configuration tab)?

    What IP do I "push" to the client in the client config section? Would this be my address pool mentioned (i.e. user1 10.1.0.0/24) etc.?


  • Rebel Alliance Developer Netgate

    Yes, the client-specific tab is where those go. If your tunnel network is 10.1.0.0/24, you can push any /30 from inside that subnet to your clients. For example 10.1.0.128/30 for user1, 10.1.0.132/30 for user2, 10.1.0.136/30 for user3, 10.1.0.140/30 for user4, and so on, and so on.



  • That worked perfectly!

    I just tested the setup you suggested with 3 test users and had filtering working exactly the way I want.

    Thanks for the help!
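
The scheme agreed on in this thread (one /30 per user pushed from the client-specific configuration, then filtering on that source address), as an added example that is not code from the thread or from pfSense. It assumes OpenVPN's net30 topology with the first usable address of each /30 given to the client; `plan_client_blocks`, `POLICY` and the rule tuples are hypothetical names and a neutral description of the rules, not firewall syntax.

```python
import ipaddress

# Constructed from the first post: which LAN destinations each user may reach.
POLICY = {
    "user1": ["10.11.0.0/24"],
    "user2": ["10.11.0.11"],
    "user3": ["10.11.0.11", "10.11.0.12"],
}

def plan_client_blocks(tunnel_cidr, first_block, policy):
    """Give each user one /30 inside the tunnel network, starting at first_block.

    Returns, per user, the ifconfig-push line for the client-specific
    configuration and the (action, source, destination) rules to enter.
    """
    tunnel = ipaddress.ip_network(tunnel_cidr)
    block = ipaddress.ip_network(first_block)  # ValueError if host bits are set
    if block.prefixlen != 30 or not block.subnet_of(tunnel):
        raise ValueError(f"{first_block} must be a /30 inside {tunnel_cidr}")
    plan = []
    for user, dests in policy.items():
        if not block.subnet_of(tunnel):
            raise ValueError(f"tunnel network exhausted before {user}")
        client, peer = list(block.hosts())  # the two usable addresses of the /30
        rules = [("pass", str(client), str(ipaddress.ip_network(d))) for d in dests]
        rules.append(("block", str(client), "any"))  # explicit catch-all for this user
        plan.append({
            "user": user,
            "block": str(block),
            "source": str(client),  # the address the filter rules match on
            "ccd": f"ifconfig-push {client} {peer}",
            "rules": rules,
        })
        # Step to the next /30 (4 addresses further on).
        block = ipaddress.ip_network(f"{block.network_address + 4}/30")
    return plan

if __name__ == "__main__":
    for entry in plan_client_blocks("10.1.0.0/24", "10.1.0.128/30", POLICY):
        print(entry["user"], entry["block"], "->", entry["ccd"])
        for action, src, dst in entry["rules"]:
            print(f"    {action:5} {src} -> {dst}")
```
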

