Netgate Discussion Forum

    OpenVPN: custom rules for each user

    • ManuelRighi

      Hello,
      I have pfSense 2.0.1.
      I work with OpenVPN.
      Is it possible to have a specific configuration for each OpenVPN user, to restrict a user's access to specific IPs?
      Currently I have the same routes and access for all my users.

      • jimp Rebel Alliance Developer Netgate

        You can set up a static IP for each user using Client-Specific Overrides for their name, and then filter based on that.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • ManuelRighi

          @jimp:

          You can set up a static IP for each user using Client-Specific Overrides for their name, and then filter based on that.

          Thanks, jimp.
          I tried Client-Specific Overrides and the solution works ;)

          I have another problem with specific routes for users.
          If I configure routes in "VPN -> OpenVPN -> Server" -> Advanced box, everything works.
          The route syntax is this:
          push "route my_network my_subnet";

          If I configure routes in "VPN -> OpenVPN -> Client-Specific Overrides -> my user" -> Advanced box, it does not work.
          I tried these syntaxes:
          push "route my_network my_subnet";
          iroute my_network my_subnet;
          route my_network my_subnet;

          Can you help me?

          • jimp Rebel Alliance Developer Netgate

            If you want to deliver a route to just that user, then use push just like on the main advanced options.

            iroute would route a specific subnet to the client (meaning the subnet is at the client's end), and route won't really do anything special in there. Push is what you want.

            • Reiner030

              @jimp:

              iroute would route a specific subnet to the client (meaning the subnet is at the client's end), and route won't really do anything special in there. Push is what you want.

              I guess that you need the "vpn_gateway" option only if additional parameters are needed?
              push "route 192.168.1.0 255.255.255.0 vpn_gateway";

              As a tip for the forum, because it took me a little longer to research it last year:
              We need it to push the OpenVPN network with a metric, regardless of whether the user is connected externally or "accidentally" internally.
              push "route 192.168.10.0 255.255.255.0 vpn_gateway 10";
              push "route 192.168.11.0 255.255.255.0 vpn_gateway 10";

              (found this tip in German here: http://web.archive.org/web/20110901093327/http://blog.it4sport.de/2009/02/06/openvpn-metric-ich-bin-verwirrt/ )

              • jimp Rebel Alliance Developer Netgate

                I've never seen any situation that called for that syntax. Only this:

                push "route x.x.x.0 255.255.255.0";

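Added example, not part of the thread and not pfSense code: a Python sketch of the approach discussed above (a static tunnel IP per user through a client-specific override, then filtering on that IP). It parses constructed override text and reports where the pushed routes and the per-user pass rules disagree; the user names, addresses and the rule format are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: Advanced-box text per user (common name -> directives).
OVERRIDES = {
    "alice": 'ifconfig-push 10.8.0.10 10.8.0.9; push "route 192.168.10.0 255.255.255.0";',
    "bob": 'push "route 192.168.11.0 255.255.255.0";',  # no static IP assigned
    "carol": 'ifconfig-push 10.8.0.14 10.8.0.13; push "route 192.168.11.0 255.255.255.0";',
}
# Hypothetical pass rules on the OpenVPN interface as (source IP, destination);
# everything else is assumed to be blocked.
PASS_RULES = [("10.8.0.10", "192.168.10.0/24"), ("10.8.0.14", "192.168.10.0/24")]

# First ifconfig-push argument is the client's tunnel IP; the second depends on
# the topology and is ignored here. Extra route arguments are skipped.
IFCONFIG_PUSH = re.compile(r'ifconfig-push\s+(\S+)')
PUSH_ROUTE = re.compile(r'push\s+"route\s+(\S+)\s+([\d.]+)[^"]*"')


def parse_override(text):
    """Return (static tunnel IP or None, list of pushed networks)."""
    m = IFCONFIG_PUSH.search(text)
    ip = ipaddress.ip_address(m.group(1)) if m else None
    nets = [ipaddress.ip_network(f"{n}/{mask}") for n, mask in PUSH_ROUTE.findall(text)]
    return ip, nets


def audit(overrides, pass_rules):
    """Report where pushed routes and per-user pass rules disagree."""
    rules = [(ipaddress.ip_address(s), ipaddress.ip_network(d)) for s, d in pass_rules]
    findings = []
    for user, text in sorted(overrides.items()):
        ip, nets = parse_override(text)
        if ip is None:
            findings.append((user, "no static IP: cannot be filtered per user"))
            continue
        allowed = [d for s, d in rules if s == ip]
        for net in nets:
            if not any(net.subnet_of(d) for d in allowed):
                findings.append((user, f"{net} pushed but not passed"))
        for d in allowed:
            # A pushed route is only a convenience for the client; the pass
            # rule alone decides reachability, so this network is still open.
            if not any(d.overlaps(net) for net in nets):
                findings.append((user, f"{d} passed but not pushed"))
    return findings


if __name__ == "__main__":
    for user, msg in audit(OVERRIDES, PASS_RULES):
        print(f"{user}: {msg}")
```

The "passed but not pushed" finding is the one to watch when restricting users: withholding a route does not block access, only the filter rule on the user's static IP does.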
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.