OpenVPN - 2 clients with different access rules



  • Hi there,

    I would like to give two different fw rules to OpenVPN clients. So I created 2 OpenVPN servers with the same Peer Certificate Authority but different server certificates, on two different ports and with two different tunnel networks but the same local network.

    I will set up different fw rules between the local network and the two tunnel networks.

    So Client A will connect on local network and access only server A and client B will be able to access all servers on the same local network.

    Unfortunately, I can't find where to associate a client to a particular OpenVPN server. I created several clients but they are all connecting to the first OpenVPN server.

    Clients authenticate only using certificate.

    Any help is very appreciated.

    Thank you
    O.


  • Rebel Alliance Developer Netgate

    That is in Client-Specific Overrides in the OpenVPN config. Make an entry for each user's certificate CN, give each of them a hardcoded tunnel network (a /30 inside of your larger tunnel network on the vpn), then set your firewall rules accordingly.


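
The per-CN addressing plan from the reply above, as an added example that is not part of the original thread and is not pfSense's own code. It assumes OpenVPN's net30 topology, that the first /30 of the tunnel network belongs to the server, and uses constructed values (`10.8.0.0/24`, `client-a`, `client-b`); `ifconfig-push` is the plain OpenVPN directive for a fixed per-client address.

```python
import ipaddress


def plan_overrides(tunnel_cidr, common_names):
    """Assign one /30 of the tunnel network to each certificate CN."""
    tunnel = ipaddress.ip_network(tunnel_cidr)
    if tunnel.version != 4 or tunnel.prefixlen > 29:
        raise ValueError("need an IPv4 tunnel network of /29 or larger")
    if len(set(common_names)) != len(common_names):
        raise ValueError("duplicate CN: each certificate needs its own entry")
    blocks = tunnel.subnets(new_prefix=30)
    next(blocks)  # assumption: the first /30 holds the server's own endpoint
    plan = {}
    for cn in common_names:
        block = next(blocks, None)
        if block is None:
            raise ValueError(f"tunnel network exhausted before {cn!r}")
        client_ip, server_ip = block.hosts()  # a /30 has two usable hosts
        plan[cn] = {"subnet": block, "client": client_ip, "server": server_ip}
    return plan


def ccd_line(entry):
    """Per-client directive for net30: client endpoint, then server endpoint."""
    return f"ifconfig-push {entry['client']} {entry['server']}"


def owner_of(plan, source_ip):
    """Map a tunnel source address back to the CN whose /30 contains it."""
    addr = ipaddress.ip_address(source_ip)
    for cn, entry in plan.items():
        if addr in entry["subnet"]:
            return cn
    return None  # not a pinned client: firewall rules should not match it


if __name__ == "__main__":
    # Constructed sample: two certificate CNs on one OpenVPN server.
    plan = plan_overrides("10.8.0.0/24", ["client-a", "client-b"])
    for cn, entry in plan.items():
        print(f"{cn}: override tunnel network {entry['subnet']}")
        print(f"    {ccd_line(entry)}")
        print(f"    firewall rule source: {entry['subnet']}")
```

Each CN's /30 is then the source of that client's firewall rules, and `owner_of` lets you confirm from a firewall log address which certificate a rule actually applied to.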