Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Multiple OpenVPN servers

    OpenVPN
    2
    4
    1463
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      marz last edited by

      Hi,

      I would like to have the ability to have user x logon to VPN and have access to ip 10.0.0.10
      And have user y logon to vpn and have access to ip 10.0.1.10

      I tried to accomplish this by creating 2 OpenVPN servers, but still all users can logon to any VPN.
      How Can I restrict this?

      Thought of using different CA's and user certificates. But I think there is an easier way.

      Any ideas?

      1 Reply Last reply Reply Quote 0
      • Derelict
        Derelict LAYER 8 Netgate last edited by

        Sounds about right.  Two CAs.  Or two different RADIUS servers (or attribute sets), etc.

        Or you can assign IP addresses to specific users using client specific overrides, push all routes to all users and filter who can access what with your OpenVPN firewall rules.

        You didn't say if this was site-to-site or remote access.  Sounds like remote access.

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • M
          marz last edited by

          Ok,  i'll try the override setting. Indeed its client vpn. What do tou mean by push all routes?

          1 Reply Last reply Reply Quote 0
          • Derelict
            Derelict LAYER 8 Netgate last edited by

            Meaning all clients get routes to 10.0.0.0 and 10.0.1.0.  The firewall rules control who can actually talk to what.

            It just lets you standardize the server config for all users.  You can also just push specific routes to local assets to specific users.  OpenVPN will pretty much be able to do anything you can think of.

            Chattanooga, Tennessee, USA
            The pfSense Book is free of charge!
            DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy