group permissions access control seems to have no effect

Business solution to host your own OpenVPN server with web management interface and bundled clients.

Post by cbarber@itpne.com » Thu Sep 14, 2017 4:18 am

Hi,

Note: my question is purely in regards to configuring the VPN through the web user interface, and not by means of editing its config file(s).

If I configure a subnet under VPN Settings / Routing (yes, using NAT), then the connected client works as expected and receives the configured subnet in the form of an entry in its routing table. But the effect of this is too broad, applying to any connected client regardless of which group the authenticated user belongs to. I should be able to control the client route table entries on a per-group basis.

It appears that regardless of the configuration that I apply under Group Permissions / Access Control (use access control = yes), the configuration has no effect on the behavior of the client. For example, if I enter a subnet here that does not appear in the Routing config as described above, no route table entry is provided to the client. If I enter multiple subnets under routing, and repeat only one of those subnets here under access control, the connected client still has access to all the subnets under the routing section. The entire configuration option seems to have no effect at all. It does not act as a permit, nor as a deny.

So what is the actual purpose of this config, and more importantly how can I achieve group level routing configuration?

Thanks
Chris
