I've a Linux OpenVPN server connected to the Internet via a single IP address and to a local network via a second Ethernet port. The machine is running several other services in addition to OpenVPN.

The goal is to have 2 groups of users:

- group 1 with more or less full access through the VPN tunnel to the internal network and anything else that the server can access
- group 2 with access only to the server's VPN address and, even then, only to certain ports on that address

Group 2 must be able to access only a few TCP and UDP ports on the server and nothing else. They must not be able to even "see" each other through VPN.

I can think of several ways to accomplish that (mostly via iptables), but I was wondering if there are already some kind of "best practices" in that regard.

I haven't looked closely at OpenVPN since v1.6. Are there any group policy capabilities implemented in v2?

--
Florin Andrei
http://florin.myip.org/

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users