I want to run custom scripts on connect/disconnect, to apply custom firewall rules.
This is so that LDAP groups can control, via iptables, which server-side subnets any given VPN user can talk to.
I've managed to figure out that I can add server-side directives under Configuration / Advanced VPN but it seems that "-chroot" isn't respected. My scripts would have to somehow magically get copied into /run/openvpn_as after each server startup, along with bash, iptables, ldapsearch, and a bunch of libraries.
Is there a supported way to do this, or some way to turn off running it in a chroot?
Or does this use case actually require the community edition?
connect/disconnect scripts?
- OpenVpn Newbie
- Posts: 1
- Joined: Fri Sep 04, 2020 5:48 pm
Re: connect/disconnect scripts?
I'm also looking for this information. The only thing that is limiting me from switching from our current VPN solution is rate limiting. I can't let everyone connect at full strength.
The ease of use for end users with the access server is HUGE and would simplify our helpdesk's lives greatly. But if I can't rate limit, it's a hard no-go.