permitting "production routes" for prod group?

Post Reply
yodakramer
OpenVpn Newbie
Posts: 2
Joined: Thu Jul 09, 2020 4:48 pm

permitting "production routes" for prod group?

Post by yodakramer » Thu Jul 09, 2020 4:54 pm

What's the right way to permit only some users in a group access to some routes? Or is the way I'm thinking of it correct?

In VPN Settings | Routing I have all 10 routes.

In User Management | Group Permissions, I have two groups - a "Default" and "Production" group.
  • Production | Access Control: lists all 10 routes.
  • Default | Access Control: only lists 4 routes.

novaflash
OpenVPN Inc.
Posts: 1055
Joined: Fri Apr 13, 2012 8:43 pm

Re: permitting "production routes" for prod group?

Post by novaflash » Thu Jul 16, 2020 7:54 pm

Hello yodakramer,

Routes assigned in VPN Settings are for everyone. So for all users and all groups. That is not what you want. It may be best to set the routing option in VPN Settings to simply "no", so you start out with a situation where nobody has access to anything.

Then in Group Permissions or in User Permissions, or both, you can define subnets that certain groups and users have access to.

Your example of having all 10 subnets in the Production group, and only 4 subnets in the Default group, is fine. That's how it works. Then based on what group membership a user has, they inherit access to those subnets.

Post Reply