OpenVPN Support Forum

Hello all.
I have currently an openvpn server who was configured by another sysadmin that is gone, and, so, i seek for some information here.
Currently, on the server, we have a network card (ie 192.168.0.1/24) and a tune card (10.10.10.0/24). All client that connect to the server got an ip adress 10.10.10.XXX, and all trafic is redirect to 192.168.0.1.
I have find how to fix the ip adress 10.10.10.XXX for a specific client (whith the folder /etc/openvpn/ccd and the file user.specific@mydomain.com ) where a put, for example, the ip 10.10.10.125.
I would like to know if, i can make a setup that for this specific client, the traffic is redirect to a new network card (172.16.0.1) ans all others continue passing by 192.168.0.1
For example, like this, it will permit me, to have access to all my servers from the vpn (by allowing the ip 172.16.0.1 on our firewall), and the other client (that are not from it department), will not have full access to all servers....
I dont know if what i'm saying is very clear... So excuse me.
Thanks by advance for your future answers and help.
Have a nice day !

Hi,

It reads like it is clear.

Each client needs a unique CommonName in its certificate.
Based on each clients CommonName you assign a static tunnel ip (through ccd files).
^^ If I understand correctly you have the above already? ^^
The static tunnel IP can then be used in firewall rules to allow/deny access to resources.

.
The 172.16.0.1 network.
To the server config file add Restart server.
In your ccd file add .
Another way is to configure a second OpenVPN instance to which only you have access.
In that case you need to allow a second port, or second protocol on the same port, into the network.
And then its basically the same as above with the difference that you allow/deny access to resources using the tunnel subnet in firewall rules.

This diagram might be helpful to you:
https://community.openvpn.net/openvpn/w ... acketsFlow