
    OpenVPN: custom rules for each user

    • M
      ManuelRighi last edited by

      Hello,
      I have pfsense 2.0.1
      I work with OpenVPN.
      Is it possible to have a specific configuration for each OpenVPN user, to restrict a user's access to specific IPs?
      At the moment I have the same routes and access for all my users.

      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        You can set up a static IP for each user using Client-Specific Overrides for their name, and then filter based on that.

        • M
          ManuelRighi last edited by

          @jimp:

          You can set up a static IP for each user using Client-Specific Overrides for their name, and then filter based on that.

          Thanks jimp.
          I tried Client-Specific Overrides and the solution works ;)

          I have another problem with specific routes for users.
          If I configure routes in "VPN -> OpenVPN -> Server" -> Advanced box, everything works.
          The route syntax is this:
          push "route my_network my_subnet";

          If I configure routes in "VPN -> OpenVPN -> Client-Specific Overrides -> my user" -> Advanced box, it does not work.
          I tried these syntaxes:
          push "route my_network my_subnet";
          iroute my_network my_subnet;
          route my_network my_subnet;

          Can you help me?

          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            If you want to deliver a route to just that user, then use push just like on the main advanced options.

            iroute would route a specific subnet to the client (meaning the subnet is at the client's end), and route won't really do anything special in there. Push is what you want.

            • R
              Reiner030 last edited by

              @jimp:

              iroute would route a specific subnet to the client (meaning the subnet is at the client's end), and route won't really do anything special in there. Push is what you want.

              I guess that you need the "vpn_gateway" option only if additional parameters are needed?
              push route 192.168.1.0 255.255.255.0 vpn_gateway;

              As a tip for the forum, because it took me a bit longer to research this last year:
              We need it to push the OpenVPN network with a metric, regardless of whether the user is connected externally or "accidentally" internally.
              push route 192.168.10.0 255.255.255.0 vpn_gateway 10;
              push route 192.168.11.0 255.255.255.0 vpn_gateway 10;

              (found this tip in German here: http://web.archive.org/web/20110901093327/http://blog.it4sport.de/2009/02/06/openvpn-metric-ich-bin-verwirrt/ )

              • jimp
                jimp Rebel Alliance Developer Netgate last edited by

                I've never seen any situation that called for that syntax. Only this:

                push "route x.x.x.0 255.255.255.0";

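The approach from the answers above (a static tunnel address per user through Client-Specific Overrides, filtering on that address, and per-user push "route" lines), worked through as an added example that is not part of the original posts or pfSense's own code. It compares the routes pushed to each user with the pass rules for that user's address; the user names, addresses and the ALLOW list are constructed, and a default-block policy on the OpenVPN interface is assumed.

```python
import ipaddress
import re

# Constructed sample data (not from the thread). "tunnel_ip" is the static
# address assigned in the user's Client-Specific Override; "advanced" is that
# override's Advanced box text.
USERS = {
    "alice": {"tunnel_ip": "10.8.0.10",
              "advanced": 'push "route 192.168.10.0 255.255.255.0";'},
    "bob": {"tunnel_ip": "10.8.0.11",
            "advanced": 'push "route 192.168.10.0 255.255.255.0";'
                        'push "route 192.168.11.0 255.255.255.0";'},
}
# Hypothetical stand-in for the pass rules on the OpenVPN interface
# (source address, destination network); anything not listed is blocked.
ALLOW = [("10.8.0.10", "192.168.10.0/24"),
         ("10.8.0.11", "192.168.10.0/24"),
         ("10.8.0.10", "192.168.20.0/24")]

PUSH_ROUTE = re.compile(r'push\s+"route\s+(\S+)\s+(\S+)"')

def pushed_routes(advanced):
    """Networks delivered to the client by push "route NET MASK" directives."""
    return [ipaddress.ip_network(f"{net}/{mask}")
            for net, mask in PUSH_ROUTE.findall(advanced)]

def allowed_networks(tunnel_ip, rules):
    """Destination networks the filter passes for this source address."""
    return [ipaddress.ip_network(dst) for src, dst in rules if src == tunnel_ip]

def audit(users, rules):
    """Compare what each user is routed to with what the filter lets through."""
    report = {}
    for name, cfg in users.items():
        routes = pushed_routes(cfg["advanced"])
        allowed = allowed_networks(cfg["tunnel_ip"], rules)
        report[name] = {
            # Route is pushed, but no pass rule covers it: traffic is dropped.
            "routed_but_blocked": [str(r) for r in routes
                                   if not any(r.subnet_of(a) for a in allowed)],
            # Pass rule exists without a pushed route: still reachable if the
            # client adds the route itself, so this is real access.
            "allowed_but_unrouted": [str(a) for a in allowed
                                     if not any(a.overlaps(r) for r in routes)],
        }
    return report

if __name__ == "__main__":
    for user, findings in audit(USERS, ALLOW).items():
        print(user, findings)
```

The second finding is the one that matters for access restriction: a pushed route only tells the client where to send traffic, while the rule on the static address decides what gets through.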