That's only works as far as you trust your users not to violate policy (which, generally speaking, you shouldn't). There's nothing stopping them from adding "route" statements to their own config files. Anything you can push, the user can add without it being pushed. Well, except ifconfig push, which is policed (I believe), and you can then use those statically provisioned IP addresses in firewall rules.
On Thu, Jul 30, 2020 at 4:36 PM Alex K <rightkickt...@gmail.com> wrote: > > > > On Wed, Jul 29, 2020, 07:57 Peter Fraser <softwareinfo...@gmail.com> wrote: >> >> HI All >> >> I set up my OpenVPN Server for IT access but now everyone seems to love and >> I have to be allowing more and more persons. I wonder, is there a way to >> prevent one user from accessing a particular route that is listed in the >> global config file. I have only seen how to the opposite, that is, allow a >> user access to a route not listed in the global config. Any help would be >> greatly appreciated. > > As a simple approach, I would recommend pushing specific routes to users > through the ccd file. Each ccd file named according to the common name of the > user's cert. >> >> >> >> >> >> Regards, >> >> >> >> >> >> >> >> >> >> _______________________________________________ >> Openvpn-users mailing list >> Openvpn-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/openvpn-users > > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-users _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
