Hi there!
I'm planning an OpenVPN Server (tun) with authentication/authorization from Radius. My approach is: Radius sets the Framed-IP-Address so that for example admins have an address in the range 10.0.0.0/24 and normal users 10.0.1.0/24. With the firewall I can then define access to the different resources.
My little test setup works perfectly, but now the crucial question:
Is there any chance that a user changes his IP address in tun mode?
Kind regards
Adrian Schneider