create openvpn firewall rule where the source is a specific user?

Started by jojothehumanmonkey, December 18, 2024, 05:17:11 PM

December 18, 2024, 05:17:11 PM Last Edit: December 18, 2024, 06:14:56 PM by jojothehumanmonkey
hello, thanks, my first time, i set up the openvpn server with TOTP login. fantastic, it works great.
i figured out how to make openvpn firewall rules and that also works well.
but now i need to allow a specific user to a specific machine and port.
how to change the source to a specific openvpn user?

currently, i have this rule



i am using this guide - https://docs.opnsense.org/manual/how-tos/sslvpn_client.html
i cannot get the opnsense router to use the specific ip address i want.

from "VPN: OpenVPN: Client Specific Overrides",
for common name "Donald", for "IPv4 Tunnel Network", i have tried variations of "10.0.10.16/24"


also, after making such a change, i always re-export the openvpn file and re-import it into my laptop.
do i need to do that or not?



Hi jojothehumanmonkey,

[  ] Are you using certificates to authenticate users in this openvpn profile?
[  ] Did you check the option "Username as CN"?
[  ] Does the term "Donald" match the user certificate common name (case sensitive)?
[  ] In the field common name on screen Client Specific Overrides, have you verified any leading white space?

- nothing broken, nothing missing;

December 18, 2024, 06:47:41 PM #3 Last Edit: December 20, 2024, 12:03:45 AM by jojothehumanmonkey
first, thanks for the reply.

i figured it out based on this topic from this forum.
The local and remote VPN endpoints cannot use

and the tricky thing for me was to use the correct subnet mask for `/30`
"VPN: OpenVPN: Client Specific Overrides" -> "IPv4 Tunnel Network"
"10.10.0.42/30"