Thank you for creating such a great product and for the hard work of all the community members! (My openvpn version is at the bottom of this post, and I've scoured the wiki and the forum for an answer to this)
I would like to use the subnet topology to create multiple subnets in my openvpn VPN for my contractors, devs, admins, etc. There are many of each, so static IP assignment client by client (one persona at at time) via a client config directory is not viable.
There exists a great tutorial re. setting up access policies for an organization when using the `net30` topology, where each type of employee gets an IP in a different VIP CIDR block:
https://openvpn.net/community-resources ... -policies/
and here:
https://community.openvpn.net/openvpn/w ... sspolicies
There is also a tutorial for the subnet topology, which shows how to set up static IPs for two clients; this could be used in conjunction with iptables rules to allow certain blocks of IPs in the same subnet to have access to certain resources. (note: not scalable enough for my needs; too much manual configuration):
https://community.openvpn.net/openvpn/w ... ettopology
Since `subnet` is now the preferred topology, and net30 is deprecated (https://community.openvpn.net/openvpn/w ... ettopology), it would be great to have the first tutorial written in the context of the subnet topology, so I and the community could achieve my stated goal.
I would be able to have different subnets for the different types of employees, and wouldn't have to manually set up a client config file for each new employee, and worry about which blocks of the single subnet I'd arbitrarily allocated to the different employee types. One subnet per employee type is the goal.
I tried to create it, but failed, due to routes not being accessible when pushed to my client(s).
Openvpn server version:
OpenVPN 2.6.8 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
DCO version: N/A
Originally developed by James Yonan
Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_dco=auto enable_dco_arg=auto enable_debug=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_option_checking=no enable_pam_dlopen=no enable_pedantic=no enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_wolfssl_options_h=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_openssl_engine=auto with_sysroot=no
