Coming back to this old thread: https://forum.opnsense.org/index.php?topic=3483.0
I am now having the same problem:
We have OpenVPN set up for different users: normal users, administrators, external users.
How can I create firewall rules so that, e.g., external users are not allowed to access our mail server?
I have found https://openvpn.net/community-resources/configuring-client-specific-rules-and-access-policies/ but I don't understand how to configure this with the current OPNsense GUI.
Any hints/links on where I should look?
Cheers
Klaus
So I solved the problem by creating different OpenVPN Servers with different ports and subnets.
Creating specialized servers is a good and easy way to go.
The other way could be to use client specific overrides to provide each client a fixed IP that can be used in firewall rules to deny/allow access to special devices.
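
The fixed-IP approach from the last reply, sketched as an added example that is not part of the original thread: it carves one tunnel network into a block per user group, assigns each user a fixed address, and prints the `ifconfig-push` directive for each client-specific override plus the CIDR per group to use as a firewall source. The tunnel network, group names and user names are constructed, and the server is assumed to use `topology subnet`.

```python
import ipaddress

# Constructed sample data (assumptions, not from the thread).
TUNNEL = ipaddress.ip_network("10.8.0.0/24")
ROLES = ["admins", "staff", "external"]
USERS = {"alice": "admins", "bob": "staff", "carol": "external", "dave": "external"}

def role_blocks(tunnel=TUNNEL, roles=ROLES, prefix=26):
    """One block per role; block 0 is left for the server and clients without an override."""
    blocks = list(tunnel.subnets(new_prefix=prefix))[1:]
    if len(roles) > len(blocks):
        raise ValueError("tunnel network too small for this many roles")
    return dict(zip(roles, blocks))

def assign(users=USERS, blocks=None):
    """Fixed address per user: next free host in the block of the user's role."""
    blocks = blocks or role_blocks()
    free = {role: iter(blk.hosts()) for role, blk in blocks.items()}
    fixed = {}
    for name in sorted(users):
        role = users[name]
        if role not in free:
            raise ValueError(f"{name}: unknown role {role!r}")
        try:
            fixed[name] = next(free[role])
        except StopIteration:
            raise ValueError(f"block for {role} is full") from None
    return fixed

def override_line(ip, tunnel=TUNNEL):
    """Directive for the client-specific override, assuming 'topology subnet'."""
    return f"ifconfig-push {ip} {tunnel.netmask}"

def source_role(ip, blocks=None):
    """Role whose block contains this source address, or None (treat as deny)."""
    addr = ipaddress.ip_address(ip)
    for role, blk in (blocks or role_blocks()).items():
        if addr in blk:
            return role
    return None

if __name__ == "__main__":
    blocks = role_blocks()
    for name, ip in assign(blocks=blocks).items():
        print(f"{name:6} {USERS[name]:9} {override_line(ip)}")
    for role, blk in blocks.items():
        print(f"firewall source for {role}: {blk}")
```

A client that connects without an override gets an address outside every group block, so `source_role` returns `None` for it; the firewall rules should deny such sources by default rather than fall through to an allow rule.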