Netgate Discussion Forum

    Different ACLs for OpenVPN connections

      streetsfinest

      Hi @all,

      I have configured more than 5 client-to-site connections over OpenVPN. All these VPNs have the same firewall ACL.
      Now I want to create a new VPN connection. This VPN connection should use another firewall ACL, but only this new connection.
      How can I do that?

      Thanks a lot :)

        bennyc

        Use a dedicated OpenVPN instance with a dedicated subnet, and place one (or more) rules for that subnet on top of the rules with the actions you want for that specific subnet?
        Should not be too difficult to implement & test…  ;)

        4x XG-7100 (2xHA), 1x SG-4860, 1x SG-2100
        1x PC Engines APU2C4, 1x PC Engines APU1C4
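
A simplified first-match model of the rule ordering suggested in the reply above, as an added example that is not part of the original posts and is not pfSense code. The tunnel subnets, LAN addresses and rule labels are constructed assumptions; it shows why the rules for the dedicated subnet must sit above the shared ACL, and flags a rule that can never match.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing (assumptions, not taken from the thread)
NEW_VPN = ipaddress.ip_network("10.9.0.0/24")       # tunnel subnet of the dedicated instance
LAN = ipaddress.ip_network("192.168.1.0/24")
APP_SERVER = ipaddress.ip_network("192.168.1.50/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    label: str

def evaluate(rules, src_ip, dst_ip):
    """Walk the rules top-down; the first match wins, no match is default deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if src in rule.src and dst in rule.dst:
            return rule.action, rule.label
    return "block", "default deny"

def shadowed(rules):
    """Labels of rules fully covered by an earlier rule, so they never match."""
    return [later.label for i, later in enumerate(rules)
            if any(later.src.subnet_of(e.src) and later.dst.subnet_of(e.dst)
                   for e in rules[:i])]

# Shared ACL used by the existing VPN connections (hypothetical content)
GENERAL = Rule("pass", ANY, LAN, "shared ACL: VPN clients to LAN")
# Different ACL for the new connection only (hypothetical content)
NEW_ALLOW = Rule("pass", NEW_VPN, APP_SERVER, "new VPN: app server only")
NEW_BLOCK = Rule("block", NEW_VPN, ANY, "new VPN: block everything else")

CORRECT = [NEW_ALLOW, NEW_BLOCK, GENERAL]   # subnet-specific rules on top
WRONG = [GENERAL, NEW_ALLOW, NEW_BLOCK]     # same rules appended at the bottom

if __name__ == "__main__":
    # A client of the new instance (10.9.0.6) trying to reach another LAN host
    for name, rules in (("correct", CORRECT), ("wrong", WRONG)):
        print(name, evaluate(rules, "10.9.0.6", "192.168.1.10"), shadowed(rules))
```

With the wrong order the new client still reaches the whole LAN through the shared rule, and the app-server rule is reported as shadowed.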

          streetsfinest

          Hi, thanks for your answer!
          When I add a new OpenVPN server in the OpenVPN settings, I have to choose another official IP address, but I have only one - so the port 1194 is currently in use and I can't configure a new server. Is there another solution?

            phil.davis

            OpenVPN server can listen on any port you like - you can use 1195 next if you like.
            Make sure to have a firewall rule on WAN that allows access to the port/s you are using.
            When you do a Client Export to make a client config for that server, it will put the port number in the client config so the client will know which port to connect to.

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

              streetsfinest

              All right, that sounds great - thank you guys!

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.