Creating personalized firewall rules for VPN users

kd.gundermann · January 25, 2023, 12:49:42 PM

coming back to this old thread https://forum.opnsense.org/index.php?topic=3483.0
I am having now the same problem:
We have OpenVPN set up for different users: normal users, administrators, external users
How I can I create firewall rules, that e.g. external users are not allowed to access our mail server.

I have found https://openvpn.net/community-resources/configuring-client-specific-rules-and-access-policies/ but I don't understand how to configure this with the current OPNSense GUI.

Any Hints/Links where I should look after?

Cheers
Klaus

kd.gundermann · January 27, 2023, 03:26:50 PM

So I solved the problem by creating different OpenVPN Servers with different ports and subnets.

tiermutter · January 27, 2023, 03:43:23 PM

Creating specialized servers is a good and easy way to go.
The other way could be to use client specific overrides to provide each client a fixed IP that can be used in firewall rules to deny/allow access to special devices.

Creating personalized firewall rules for VPN users

kd.gundermann

January 25, 2023, 12:49:42 PM

kd.gundermann

January 27, 2023, 03:26:50 PM #1

tiermutter

January 27, 2023, 03:43:23 PM #2