openvpn radius auth + groups subnet restrictions


Post by orange4 » Wed Mar 08, 2017 9:03 pm

Trying to determine how to replicate groups in openvpn community like openvpn-as has. In openvpn-as, one can create groups that have subnet restrictions, so only certain user groups are allowed to access certain subnets.

On our openvpn-as, we're using radius to authenticate users; our radius (MS NPS) passes back a framed-pool attribute (88) to specify the group. A Python script that was installed with sacli picks up the group from the radius framed pool attribute, then maps it to an identically named group that is defined statically, and the subnet restrictions are applied.

My question is how to replicate this (group restrictions) in openvpn-community. I've seen 'creating static CN -> IP mappings with ccd' mentioned, looking for tips on how this would look in the config of openvpn-community.
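One way the group-to-subnet restriction described above could look in OpenVPN community, as an added example that is not part of the original post: a `client-connect` hook that pins each user to an address inside the group's pool, plus forwarding rules keyed on the pool's source range. The group names, pools, subnets, the `tun0` interface and the static `USERS` table (standing in for the RADIUS Framed-Pool value) are all assumptions.

```python
import ipaddress
import os
import sys

# Constructed sample data. Group names, pools and allowed subnets are hypothetical.
GROUPS = {
    "engineering": {"pool": "10.8.1.0/24", "allow": ["192.168.10.0/24", "192.168.20.0/24"]},
    "finance": {"pool": "10.8.2.0/24", "allow": ["192.168.30.0/24"]},
}
# Stand-in for the group the RADIUS Framed-Pool attribute would supply,
# plus a fixed host index so each user gets a stable address in the pool.
USERS = {"alice": ("engineering", 10), "bob": ("finance", 10)}
VPN_NETMASK = "255.255.0.0"  # assumes "server 10.8.0.0 255.255.0.0" and "topology subnet"


def client_directives(username):
    """Return the per-client directives, or None to reject the client."""
    entry = USERS.get(username)
    if entry is None or entry[0] not in GROUPS:
        return None  # unknown user or group: fail closed
    group, index = entry
    pool = ipaddress.ip_network(GROUPS[group]["pool"])
    if not 0 < index < pool.num_addresses - 1:
        return None  # index would hit the network or broadcast address
    addr = pool.network_address + index
    return [f"ifconfig-push {addr} {VPN_NETMASK}"]


def firewall_rules():
    """Allow each group's pool to reach only its subnets, then drop the rest."""
    rules = []
    for name in sorted(GROUPS):
        pool = GROUPS[name]["pool"]
        for dest in GROUPS[name]["allow"]:
            rules.append(f"iptables -A FORWARD -i tun0 -s {pool} -d {dest} -j ACCEPT")
    rules.append("iptables -A FORWARD -i tun0 -j DROP")
    return rules


def main(argv, env):
    # OpenVPN passes the path of a temporary config file as the last argument.
    lines = client_directives(env.get("username") or env.get("common_name", ""))
    if lines is None:
        return 1  # non-zero exit makes OpenVPN refuse the connection
    with open(argv[-1], "w") as fh:
        fh.write("\n".join(lines) + "\n")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv, os.environ))
```

The hook would be referenced from the server config with `client-connect` (and a `script-security` level that permits external scripts); the rules from `firewall_rules()` are applied once on the VPN server, not per connection.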

