Local User Group for OpenVPN



  • Hi guys,

    OpenVPN is working fine since months, but I do have a new request now.
    I want to authenticate local users for OpenVPN, but only a few of them.

    Let's say I have 10 local users, but I only want 5 of them to be able to use OpenVPN. I can add the users into a group, but I don't see any group membership entry in the OpenVPN configuration.
    Only "Local Database", so all of them.

    Greets



  • If your server is running in "SSL/TLS" mode, you can assign certificates for OVPN only to authorized users.
    If it is running in "User Auth" mode, there is no way to differ authorized and unauthorized users, except you use a Radius or LDAP server for ovpn authentication.



  • Thanks for your quick reply.
    I understand what you mean.

    Will I be able to create a second OpenVPN Server for the "other 5 users" and differ between them with user certificates?
    I think I have to create a second CA then, but will it be possible then?



  • Yes, you have to create a particular CA and server cert for each ovpn server. Only users with certificates from the CA which is assigned to the server can connect to it.
    The second server must listen on a different port and use a different tunnel subnet, off course.


Log in to reply