Different ACLs for OpenVPN connections

  Hi @all,

    I have configured more than 5 client-to-site connections over OpenVPN. All these VPNs have the same firewall ACL.
    Now I want to create a new VPN connection. This VPN connection should use another firewall ACL, but only this new connection.
    How can I do that?

    Thanks a lot :)

  • Use a dedicated OpenVPN instance with a dedicated subnet, and place one (or more) rules for that subnet on top of the rules with the actions you want for that specific subnet?
    Should not be too difficult to implement & test…  ;)

  Hi, thanks for your answer!
    When I add a new OpenVPN server in the OpenVPN settings, I have to choose another official IP address, but I have only one, so port 1194 is currently in use and I can't configure a new server. Is there another solution?

  • OpenVPN server can listen on any port you like - you can use 1195 next if you like.
    Make sure to have a firewall rule on WAN that allows access to the port/s you are using.
    When you do a Client Export to make a client config for that server, it will put the port number in the client config so the client will know which port to connect to.

  All right, that sounds great - thank you guys!
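
The advice in the thread to put the dedicated subnet's rules on top of the existing ones matters when the firewall evaluates rules first-match-wins. The sketch below is an added example, not part of the original posts: it models that evaluation and flags rules that an earlier, broader rule makes unreachable. All subnets, the internal host address and the rule labels are constructed sample values, and the first-match model is an assumption about the firewall in use.

```python
import ipaddress

# Constructed sample value: tunnel subnet of the new instance (e.g. on port 1195).
DEDICATED_VPN = "10.8.1.0/24"

def rule(action, src, dst, label):
    return {"action": action, "src": ipaddress.ip_network(src),
            "dst": ipaddress.ip_network(dst), "label": label}

def first_match(rules, src_ip, dst_ip):
    """Return the first rule matching the packet; default deny when none match."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if src in r["src"] and dst in r["dst"]:
            return r
    return {"action": "block", "label": "default deny"}

def shadowed(rules):
    """Labels of rules that can never match because one earlier rule covers them."""
    out = []
    for i, r in enumerate(rules):
        if any(r["src"].subnet_of(e["src"]) and r["dst"].subnet_of(e["dst"])
               for e in rules[:i]):
            out.append(r["label"])
    return out

# Assumed existing ACL shared by all VPN clients, written broadly over 10.8.0.0/16.
shared = rule("pass", "10.8.0.0/16", "0.0.0.0/0", "vpn clients: allow all")
# Restrictive ACL for the new connection only: one internal host, nothing else.
allow_host = rule("pass", DEDICATED_VPN, "192.168.10.20/32", "new vpn: allow one host")
deny_rest = rule("block", DEDICATED_VPN, "0.0.0.0/0", "new vpn: block the rest")

correct_order = [allow_host, deny_rest, shared]  # specific rules on top
wrong_order = [shared, allow_host, deny_rest]    # specific rules below the broad one

if __name__ == "__main__":
    for name, rules in (("correct", correct_order), ("wrong", wrong_order)):
        hit = first_match(rules, "10.8.1.5", "192.168.10.99")
        print(f"{name} order: {hit['action']} via '{hit['label']}', "
              f"shadowed={shadowed(rules)}")
```

With the broad rule first, a client in the dedicated subnet inherits the shared ACL and the new rules never fire, which is the case to test for after adding the second instance.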

