VPN - Restrict users access using MAC address Authentication

[imaddaou]

Dear OPNsense community,

My goal is to build an VPN solution using MAC address restriction of manual ACL; plus Muti-factor authentication.

I was reading post-auth script using OpenVPN at https://openvpn.net/vpn-server-resources/access-server-post-auth-script-host-checking/

However, I couldn't find any guidance for post-auth script mentioned under your documentation. Is this feature available for the community edition of OpenVPN or is it ONLY for Access Server? If it does, please guide me in the right direction to configure it using OPNsense, If it's not available for community edition of OpenVPN, what are my choices? Is it available with other types of VPNs?

Your time and guidance will be highly appreciated; I look forward for your response at your earliest convenience.

Thank you!

Imad

[errored out]

What you are looking for is not feasible.  The layers are different.  You could create ACLs for IPs and (configure the firewall to use MFA) use the local server for authentication.


I know you can use Pre, auth, and post for squid and I am assuming others. These may shed some light on your question.

https://forum.opnsense.org/index.php?topic=15754.0
https://forum.opnsense.org/index.php?topic=6516.msg27986#msg27986