4. OpenVPN: custom rules for each user

OpenVPN: custom rules for each user

  • M

    Hello,
    I have pfsense 2.0.1
    I work with OpenVPN.
    It's possible to have a specific configuration for each OpenVPN Users, for restrict user to access to specif ip ?
    Actually I have same route ad access for my all users.

    0
  • Rebel Alliance Developer Netgate

    You can setup a static IP for each user using Client-Specific Overrides for their name, and then filter based on that.

    0
  • M

    @jimp:

    You can setup a static IP for each user using Client-Specific Overrides for their name, and then filter based on that.

    Tnx jimp.
    I try Client-Specific Overrides and solution works ;)

    I have another problem with specific routes for users.
    If I configure routes on "VPN -> OpenVPN -> Server" -> Advanced box, all works
    The route syntax is this:
    push "route my_network my_subnet";

    If I configure routes on "VPN -> OpenVPN -> Client-Specific Overrides -> my user -> Advanced box, not work.
    I try these syntax:
    push "route my_network my_subnet";
    iroute my_network my_subnet;
    route my_network my_subnet;

    Can you help me ?

    0
  • Rebel Alliance Developer Netgate

    If you want to deliver a route to just that user, then use push just like on the main advanced options.

    iroute would route a specific subnet to the client (meaning the subnet is at the client's end), and route won't really do anything special in there. Push is what you want.

    0
  • R

    @jimp:

    iroute would route a specific subnet to the client (meaning the subnet is at the client's end), and route won't really do anything special in there. Push is what you want.

    I guess that you need "vpn_gateway" Option only if additional parameters were needed?
    push route 192.168.1.0 255.255.255.0 vpn_gateway;

    As tip for the forum because I take a little longer research for it last year:
    We need it to push OpenVPN network independently if user is external or "accidently" internal connected with metric.
    push route 192.168.10.0 255.255.255.0 vpn_gateway 10;
    push route 192.168.11.0 255.255.255.0 vpn_gateway 10;

    (found this tip in german here: http://web.archive.org/web/20110901093327/http://blog.it4sport.de/2009/02/06/openvpn-metric-ich-bin-verwirrt/ )

    0
  • Rebel Alliance Developer Netgate

    I've never seen any situation that called for that syntax. Only this:

    push "route x.x.x.0 255.255.255.0";

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy