Post
by novaflash » Thu Jul 16, 2020 7:54 pm
Hello yodakramer,
Routes assigned in VPN Settings are for everyone. So for all users and all groups. That is not what you want. It may be best to set the routing option in VPN Settings to simply "no", so you start out with a situation where nobody has access to anything.
Then in Group Permissions or in User Permissions, or both, you can define subnets that certain groups and users have access to.
Your example of having all 10 subnets in the Production group, and only 4 subnets in the Default group, is fine. That's how it works. Then based on what group membership a user has, they inherit access to those subnets.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.