Can I have different “client internet traffic routed through the vpn” for different user groups?

[JohnManchester]

Hi All

I have the following setup on my OpenVPN Server:

Global Setting:
Configuration -> VPN Settings -> Should client Internet traffic be routed through the vpn = Yes

User Management -> User Permissions
All users have "No Default Group" and therefore all Internet traffic is routed through the VPN.

I have created a new Group called “Group1”

For users in this “Group1”, I don’t want all Internet traffic to be routed through the vpn.
The only traffic that I wish to be routed through the vpn for this group are subnets “Configuration -> VPN Settings -> Routing -> Specify the private subnets to which all clients should be given access (one per line)”

I would like to know how to do this.

I believe this article shows me how to do this: Redirect-gateway and DNS settings
https://openvpn.net/vpn-server-resource ... mand-line/

Overide this for group but still allow “push DNS server”
./sacli --user Group1 --key “prop_reroute_gw_override” --value “dns_only” UserPropPut

Also, can the Group1 have the same “Dynamic IP Address Network” & “Group Default Address Network” as the global defaults?

I look forward to hearing from you.

Many Thanks

John

[novaflash]

Well, you pretty much already found it, so I suggest you try it.

Groups can inherit from Group Default Address Network, or they can have their own subnet.

[JohnManchester]

Well, you pretty much already found it, so I suggest you try it.

Groups can inherit from Group Default Address Network, or they can have their own subnet.

Thanks novaflash. Appreciated.

John