I have OpenVPN-AS authenticating against Active Directory (AD). Any user who authenticates to OpenVPN-as receives a 10.22.x.x address (which range is assigned to VLAN 22).
We have a number of VLANS, each with their respective IP ranges.
Is it possible to cause OpenVPN-AS to assign a user an IPs from dhcp ranges based on the user's AD security group?
To be clear. Let's say we have three security groups in AD, each group containing one user:
1. Accounting (contains Bob)
2. Sales (contains Sara)
3. Tech (contains Jim)
We also have three VLANs, each with its own IP range
1. VLAN 22 (10.22.0.0/16) - for Accounting
2. VLAN 23 (10.23.0.0/16) - for Sales
3. VLAN 24 (10.24.0.0/16) - for Tech
If Bob authenticates to OpenVPN, he should receive an IP from 10.22.x.x.
If Sara authenticates she should receive an IP from 10.23.x.x.
If Jim authenticates he should receive an IP from 10.24.x.x.
Is this possible? If so, can someone point me in the right direction to make it happen?
Much obliged
IP Addresses based on ActiveDirectory Security Groups
-
- OpenVpn Newbie
- Posts: 4
- Joined: Mon Mar 28, 2016 7:14 pm
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: IP Addresses based on ActiveDirectory Security Groups
I think you looking for this:
https://openvpn.net/index.php/open-sour ... tml#policy
https://openvpn.net/index.php/open-sour ... tml#policy
-
- OpenVpn Newbie
- Posts: 4
- Joined: Mon Mar 28, 2016 7:14 pm
Re: IP Addresses based on ActiveDirectory Security Groups
Thanks for your reply. I am not sure that this works because it does not seem that the classes (or groups) here are designated by Active Directory (AD). What I hope to do is integrate OpenVPN with AD such that it assigns IPs (or VLANS) based on AD group membership.Pippin wrote:I think you looking for this:
https://openvpn.net/index.php/open-sour ... tml#policy
If I am incorrect on this, please let me know.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Wed Jan 04, 2017 3:06 pm
Re: IP Addresses based on ActiveDirectory Security Groups
Hi,
I know this is an older post, did you get this figured out?
Thanks!
I know this is an older post, did you get this figured out?
Thanks!