OpenVPN AS - permit Internet access, deny certain LANs per user/group

elmi4711q
OpenVpn Newbie
Posts: 1
Joined: Thu Sep 28, 2017 9:12 am

OpenVPN AS - permit Internet access, deny certain LANs per user/group

Post by elmi4711q » Thu Sep 28, 2017 9:17 am

Hi guys,

I could not find anything about this topic which might be related to my google fu...

OpenVPN AS server is set up on a Linux base (actually, it's the AWS AMI), NAT'ing to the VM's address.

All my roadwarriors need Internet access (PCI requirements define all traffic must go through the tunnel).
Certain subsets of roadwarriors need access to different internal networks and must be denied access from others.

Apart from using different roadwarrior address pools and filtering in iptables, is there a way to not only permit but also deny networks in the OpenVPN AS configuration, based on user or group?

Thanks for your insight,
Elmar.

pazzovalerio
OpenVpn Newbie
Posts: 7
Joined: Fri Jan 19, 2018 8:28 pm

Re: OpenVPN AS - permit Internet access, deny certain LANs per user/group

Post by pazzovalerio » Fri Jan 19, 2018 8:49 pm

elmi4711q wrote:Hi guys,

I could not find anything about this topic which might be related to my google fu...

OpenVPN AS server is set up on a Linux base (actually, it's the AWS AMI), NAT'ing to the VM's address.

All my roadwarriors need Internet access (PCI requirements define all traffic must go through the tunnel).
Certain subsets of roadwarriors need access to different internal networks and must be denied access from others.

Apart from using different roadwarrior address pools and filtering in iptables, is there a way to not only permit but also deny networks in the OpenVPN AS configuration, based on user or group?

Thanks for your insight,
Elmar.

Did you manage to solve it?

Sent from my SM-G955F using Tapatalk

