Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN - 2 clients with different access rules

    Scheduled Pinned Locked Moved OpenVPN
    2 Posts 2 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      O Van Dho
      last edited by

      Hi there,

      I would like to give two different fw rules to openvpn clients. So I created 2 openVPN servers with the same Peer certificate Authority but different server certificate, on two different port and with two different tunnel network but the same local network.

      I will set up different fw rule between the local network and the two tunnel networks.

      So Client A will connect on local network and access only server A and client B will be able to access all servers on the same local network.

      Unfortunately, I can't find where to associate a client to a particular OpenVPN server. I created several clients but the are all connecting to the first OpenVPN server.

      Clients authenticate only using certificate.

      Any help very appreciated.

      Thank you
      O.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        That is in Client-Specific Overrides in the OpenVPN config. Make an entry for each user's certificate CN, give each of them a hardcoded tunnel network (a /30 inside of your larger tunnel network on the vpn), then set your firewall rules accordingly.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.