OpenVPN Support Forum

Hi,

First of all, thanks for this great program. I would like to mention that I'm using OpenVPN since almost a decade now. I'm using the server on a linux, but the clients are mostly Windows, iPad, and hopefully soon Android too.
Currently there are clients grouped with a trick: different port (1194,95,...) and different subnet (10.8.0.x, .1.x, ...)

The big question is, how can I group some hundreds of clients so, that everyone is connecting to the same port, but some can see each other, and others not? Of course there should be some clients, (like me) those would see everybody.

I should be able to manage who can see who and disable inactive ones.

Is this possible somehow? Thanks for any ideas and answers!

The easiest way to accomplish this is with client connect scripts and firewall updates. Group clients based on certificate and use username/password to authenticate.

ecrist wrote:The easiest way to accomplish this is with client connect scripts and firewall updates. Group clients based on certificate and use username/password to authenticate.

Thanks ! Can somebody explain it a bit more detailed and probably drop some links to it?
(search for the word: "group" is disabled in the forum)

- Is there any example for this? (scripts)
- you mean "firewall updates" on the server or the client side? (I have a dedicated linux server for this)
- the clients should connect automatically as service. Should be a user/pass placed in the .conf file then?
- I have mostly windows clients, and I see on each log:
NOTE: --user option is not implemented on Windows
NOTE: --group option is not implemented on Windows
So is it still possible to do it?

With google search I've found this topics yet:

Different DNS-configuration for groups?
topic8981.html

This one gives me an idea > can I give a specific config file on the server side to each client?
topic8749.html

But I don't know witch solution is better?