OpenVPN - 2 clients with different access rules
I would like to give two different fw rules to OpenVPN clients. So I created 2 OpenVPN servers with the same Peer Certificate Authority but different server certificates, on two different ports and with two different tunnel networks but the same local network.
I will set up different fw rules between the local network and the two tunnel networks.
So client A will connect to the local network and access only server A, and client B will be able to access all servers on the same local network.
Unfortunately, I can't find where to associate a client with a particular OpenVPN server. I created several clients but they are all connecting to the first OpenVPN server.
Clients authenticate only using certificates.
Any help is very much appreciated.
That is in Client-Specific Overrides in the OpenVPN config. Make an entry for each user's certificate CN, give each of them a hardcoded tunnel network (a /30 inside of your larger tunnel network on the VPN), then set your firewall rules accordingly.
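
An added illustration of the layout the answer describes (not code from the thread): it carves one /30 per certificate CN out of a tunnel network and produces the `ifconfig-push` line that a plain-OpenVPN `client-config-dir` file named after the CN would carry, together with the /30 to use as the source of that client's firewall rules. The function name `plan_overrides`, the 10.8.0.0/24 network, the CNs `clientA` and `clientB`, net30 topology and the reserved first /30 are assumptions.

```python
import ipaddress


def plan_overrides(tunnel_network, common_names):
    """Give each certificate CN its own /30 inside tunnel_network.

    Returns {cn: {"subnet": <the /30, usable as a firewall rule source>,
                  "ccd_line": <line for the client-config-dir file named cn>}}.
    """
    net = ipaddress.ip_network(tunnel_network)
    if net.version != 4 or net.prefixlen > 29:
        raise ValueError("need an IPv4 tunnel network of /29 or larger")
    if len(set(common_names)) != len(common_names):
        raise ValueError("each CN needs exactly one override")

    blocks = net.subnets(new_prefix=30)
    next(blocks)  # assumption: the first /30 is the server's own endpoint pair

    plan = {}
    for cn in common_names:
        # The CN becomes a file name, so reject anything path-like.
        if not cn or "/" in cn or "\\" in cn or cn.startswith("."):
            raise ValueError(f"unsafe CN for a config file name: {cn!r}")
        try:
            block = next(blocks)
        except StopIteration:
            raise ValueError("tunnel network has no free /30 left") from None
        client_ip, peer_ip = block.hosts()  # the two usable addresses
        plan[cn] = {
            "subnet": str(block),
            "ccd_line": f"ifconfig-push {client_ip} {peer_ip}",
        }
    return plan


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for cn, entry in plan_overrides("10.8.0.0/24", ["clientA", "clientB"]).items():
        print(f"{cn}: source {entry['subnet']} -> {entry['ccd_line']}")
```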