VLAN User Management

Started by opnserious, October 21, 2024, 06:00:11 PM

Dear community,

I have an OPNsense network with multiple users that all have their own IPv6 VLAN on which they host services. At this moment I need to add the firewall rules for all of their services since I am the only OPNsense administrator. Hence, I was wondering if I could create OPNsense user accounts where each user has only control over his/her VLAN and nothing else. That is, they control the port forwarding and firewall rules for their VLAN s.t. they can change firewall rules according to their needs instead of depending on me doing it for them. I would compare it to a VPS where you also have control over the firewall but cannot modify the firewall of other users.

Thank you!!


I have no idea if this is anywhere on the road map of the developer team, sorry. But you might want to change the title of your thread to e.g. "Any possibility of delegated administration?" or similar, because that is what the feature you inquire about is commonly called.

When I first read your thread title I expected you to ask about automatic mapping of users to particular VLANs like with 802.1x and AD or some such.

HTH (a tiny bit), Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

What would probably be more scalable and secure is to create a main OPNsense for you, and create smaller OPNsense VMs behind that which get one IPv6 /64 prefix routed to them via a transfer network from your main router.

Then you have full control over the main OPNsense and everybody could login to their own separate OPNsense.

It's kinda like a small ISP setup really.
Hardware:
DEC740
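
The layout suggested in the reply above (a main OPNsense that routes one /64 per user to that user's own OPNsense VM over a transfer network) can be sketched as an addressing plan. This is an added example, not code from the thread or from the OPNsense project; the prefixes are RFC 3849 documentation addresses and the tenant names are constructed.

```python
import ipaddress

# Constructed sample values (documentation address space), not from the thread.
DELEGATED = ipaddress.ip_network("2001:db8:100::/56")  # prefix held by the main router
TRANSFER = ipaddress.ip_network("2001:db8:ffff::/64")  # transfer network to the tenant VMs
TENANTS = ["alice", "bob", "carol"]                    # hypothetical users


def build_plan(delegated, transfer, tenants):
    """Give each tenant one routed /64 and one next-hop address on the transfer net."""
    if delegated.overlaps(transfer):
        raise ValueError("transfer network must sit outside the routed prefixes")
    prefixes = delegated.subnets(new_prefix=64)
    hosts = transfer.hosts()
    main_router = next(hosts)  # first usable address stays on the main router
    plan = {}
    for name in tenants:
        try:
            plan[name] = {"prefix": next(prefixes), "next_hop": next(hosts)}
        except StopIteration:
            raise ValueError("not enough /64s or transfer addresses") from None
    return main_router, plan


def static_routes(plan):
    """Routes for the main router: tenant /64 via that tenant's firewall."""
    return [f"{t['prefix']} via {t['next_hop']}" for t in plan.values()]


def owner_of(plan, address):
    """Return the tenant whose routed /64 contains the address, else None."""
    addr = ipaddress.ip_address(address)
    for name, t in plan.items():
        if addr in t["prefix"]:
            return name
    return None


if __name__ == "__main__":
    router, plan = build_plan(DELEGATED, TRANSFER, TENANTS)
    print("main router on transfer net:", router)
    for route in static_routes(plan):
        print("route", route)
    # An address belongs to at most one tenant, so a rule change made on one
    # tenant's firewall cannot cover another tenant's services.
    print(owner_of(plan, "2001:db8:100:2::80"))
```

The main router only needs the static routes and its own rules; each tenant then manages firewall rules and port forwards on their own instance, inside their own /64.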