The issue that I have that certain websites and production machines only allow connections from our office IP addresses. We have split-tunneling enabled for our users so as not to saturate our primary WAN line. But some users need to be able to access the above sites and machines through the VPN connection to be able to access it.
So, we can accomplish this one of two ways:
1) Have a certain group of users pass all of their internet traffic through the VPN
2) Add those sites and servers to a list that OpenVPN will recognize, so as to pass this traffic through the VPN.
Could anyone give me any information as to how to do either of these or which one is preferable/feasible?
Select users Split-tunnel vs all-thru OR some sites via VPN
-
ugolee
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Oct 05, 2011 1:52 pm
-
janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Select users Split-tunnel vs all-thru OR some sites via
I'd go with option #1 : use a 'client-connect' script to put those users in a different subnet, with full access, or use the script to set up firewall rules for those users.
The downside of option #2 is that the routing table on the server might become very lengthy.
The downside of option #2 is that the routing table on the server might become very lengthy.
-
ugolee
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Oct 05, 2011 1:52 pm
Re: Select users Split-tunnel vs all-thru OR some sites via
Where would I be able to find a script that allows me to create a different client config? I can't find how to modify the client config in the OpenVPN client that you download from the Access Server.
-
janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Select users Split-tunnel vs all-thru OR some sites via
the client-connect script would be on the server side ; I don't if and how it can be done for Access Server, I only know the free community version of openvpn.