Per user firewall rules



  • Currently I have a number of clients that connect to my OpenVPN server. All of them have client overrides with static IPs, which allows me to create aliases and give each alias firewall rules to allow/deny access to certain parts of the LAN. If one of the clients has multiple devices that they want to connect, to maintain the ability to set rules, is there a way to make per user rules (so that one user can use one ovpn file on multiple devices) or do I need to create a new user for every device and create a new ovpn file with a client override?


  • Rebel Alliance Developer Netgate

    There is no way to make "per-user" rules using the GUI alone. It is possible to do if the users and rules come via RADIUS, though.

    Giving each client a unique certificate/login and override with a unique IP is best, and the only way to make that work in the GUI.

