Multiple OpenVPN servers
-
Hi,
I would like to have the ability to have user x logon to VPN and have access to ip 10.0.0.10
And have user y logon to vpn and have access to ip 10.0.1.10I tried to accomplish this by creating 2 OpenVPN servers, but still all users can logon to any VPN.
How Can I restrict this?Thought of using different CA's and user certificates. But I think there is an easier way.
Any ideas?
-
Sounds about right. Two CAs. Or two different RADIUS servers (or attribute sets), etc.
Or you can assign IP addresses to specific users using client specific overrides, push all routes to all users and filter who can access what with your OpenVPN firewall rules.
You didn't say if this was site-to-site or remote access. Sounds like remote access.
-
Ok, i'll try the override setting. Indeed its client vpn. What do tou mean by push all routes?
-
Meaning all clients get routes to 10.0.0.0 and 10.0.1.0. The firewall rules control who can actually talk to what.
It just lets you standardize the server config for all users. You can also just push specific routes to local assets to specific users. OpenVPN will pretty much be able to do anything you can think of.