Applying Subnet Access - Making Sense of Global/Group/Individual ACL's
Posted: Mon Jan 09, 2017 7:02 pm
So I have an instance of OpenVPN 2.1.4 running, and everything works from an authentication standpoint.
I have several groups of users that need to have different network ranges applied to them. Some are to single hosts, some to the entire network range.
My basic question: Is this a least permissive system?
Scenario:
I go into VPN Settings and apply the range 10.8.0.0/16 as the default accessible subnet.
I then go to a User Group and apply a subset of that network range. Say 10.8.8.8/32. When I connect as a user in that group, they get the route 10.8.0.0/16 applied, meaning the group restrictions do not work.
Is this by design, or am I missing something?
Thanks in advance!!
I have several groups of users that need to have different network ranges applied to them. Some are to single hosts, some to the entire network range.
My basic question: Is this a least permissive system?
Scenario:
I go into VPN Settings and apply the range 10.8.0.0/16 as the default accessible subnet.
I then go to a User Group and apply a subset of that network range. Say 10.8.8.8/32. When I connect as a user in that group, they get the route 10.8.0.0/16 applied, meaning the group restrictions do not work.
Is this by design, or am I missing something?
Thanks in advance!!