OpenVPN - 2 clients with different access rules

O Van Dho
« on: September 23, 2011, 06:11:48 am »
Hi there,

I would like to give two different fw rules to OpenVPN clients. So I created 2 OpenVPN servers with the same Peer Certificate Authority but different server certificates, on two different ports and with two different tunnel networks but the same local network.

I will set up different fw rules between the local network and the two tunnel networks.

So Client A will connect on local network and access only server A and client B will be able to access all servers on the same local network.

Unfortunately, I can't find where to associate a client with a particular OpenVPN server. I created several clients but they are all connecting to the first OpenVPN server.

Clients authenticate only using certificate.

Any help is very appreciated.

Thank you

jimp
Re: OpenVPN - 2 clients with different access rules
« Reply #1 on: September 26, 2011, 12:03:27 pm »
That is in Client-Specific Overrides in the OpenVPN config. Make an entry for each user's certificate CN, give each of them a hardcoded tunnel network (a /30 inside of your larger tunnel network on the vpn), then set your firewall rules accordingly.
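The allocation described in the reply above, as an added example that is not part of the original thread: it carves one /30 per certificate CN out of a single tunnel network, produces the `ifconfig-push` directive a stock OpenVPN server reads from its `client-config-dir`, and maps a logged source address back to its CN. The tunnel network, the CNs, the helper names, the net30 topology and the choice to reserve the first /30 for the server are assumptions.

```python
import ipaddress

def allocate_overrides(tunnel_network, client_cns):
    """Give each certificate CN its own /30 inside the tunnel network."""
    net = ipaddress.ip_network(tunnel_network)
    blocks = net.subnets(new_prefix=30)
    next(blocks)  # assumption: the first /30 is the server's own endpoint
    plan = {}
    for cn in client_cns:
        # The CN becomes a file name in client-config-dir, so keep it plain.
        if not cn or cn in plan or "/" in cn or cn.startswith("."):
            raise ValueError(f"unusable or duplicate CN: {cn!r}")
        block = next(blocks, None)
        if block is None:
            raise ValueError("no free /30 left in the tunnel network")
        client_ip, peer_ip = block.hosts()
        plan[cn] = {"subnet": block, "client_ip": client_ip, "peer_ip": peer_ip}
    return plan

def ccd_line(entry):
    """Directive for the file named after the CN in client-config-dir."""
    return f"ifconfig-push {entry['client_ip']} {entry['peer_ip']}"

def owner_of(plan, source_ip):
    """Resolve a source address from a firewall log back to a CN, or None."""
    addr = ipaddress.ip_address(source_ip)
    for cn, entry in plan.items():
        if addr in entry["subnet"]:
            return cn
    return None  # dynamic pool address: no override, so no per-client rule

# Constructed sample values, not taken from the thread.
PLAN = allocate_overrides("10.0.8.0/24", ["clientA", "clientB"])

if __name__ == "__main__":
    for cn, entry in PLAN.items():
        print(f"{cn}: rule source {entry['subnet']}  ccd: {ccd_line(entry)}")
```

Firewall rules on the OpenVPN interface should then use each /30 as the source and pass nothing for the rest of the tunnel network, so a client connecting without an override gets no access by default.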