Rubin Shrestha
Zend certified PHP/Magento developer
Rubin Shrestha
Blog

Can specific OpenVPN user(s) be allowed to have an IP froma specific range?

by |Published

Is it possible to configure OpenVPN (or its DHCP more accurately) to choose the IP for a specific identity (or set of identities) from a range I already defined? and any other identity will get its IP from another range.

Or even to prevent any network communication for that identity, if the user uses that identity enters the IP address manually out of the allowed range?

An identity may be a user authenticated by Certificate or by Username/Password.

The goal of this is to be able to set some IPTables rules which prevents some users from accessing specific resources (using the IP of those users).

Update:

As a starting point I found the following in the server.conf template:

# Suppose that you want to enable different
# firewall access policies for different groups
# of clients.  There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
#     group, and firewall the TUN/TAP interface
#     for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
#     modify the firewall in response to access
#     from different clients.  See man
#     page for more info on learn-address script.
;learn-address ./script

You may also like