I want to run custom scripts on connect/disconnect, to apply custom firewall rules.
This is so that LDAP groups can control, via iptables, which server-side subnets any given VPN user can talk to.
I've managed to figure out that I can add server-side directives under Configuration / Advanced VPN but it seems that "-chroot" isn't respected. My scripts would have to somehow magically get copied into /run/openvpn_as after each server startup, along with bash, iptables, ldapsearch, and a bunch of libraries.
Is there a supported way to do this, or some way to turn off running it in a chroot?
Or does this use case actually require the community edition?
1 post • Page 1 of 1