I would like to realize a new configuration and I can't manage to do it (I don't even know if that's possible).
Let me explain:
I have 2 certificates with the duplicate-cn flag:
-> one for internal users
-> one for external users
I'd like to have one subnet per certificate.
For example the subnet 10.8.0.0 255.255.255.0 for internals and 10.8.1.0 255.255.255.0 for externals (with different routes & firewall rules -> internals will be able to talk with the actual network).
I could manage to create the 2 subnets but I can only have one ifconfig-pool. I cannot dynamically assign IP addresses to 2 different subnets.
Code:
    mode server
    tls-server
    topology subnet
    push "topology subnet"
    ifconfig 10.8.0.1 255.255.254.0
    ifconfig-pool 10.8.0.2 10.8.0.253 255.255.255.0
    route-gateway 10.8.0.1
    push "route-gateway 10.8.0.1"
I've seen that maybe I can use another script to deliver an IP address depending on groups or CN, maybe?
Can you tell me if the action I am trying to achieve is possible? How to do it? If not, should I use 2 different OpenVPNs with one for internals and one for externals?
Thank you for helping!