Use your imagination ..
Routing is a path to a goal .. there are many paths.
On 31/07/2020 01:44, Joe Patterson wrote:
That's only works as far as you trust your users not to violate policy
(which, generally speaking, you shouldn't). There's nothing stopping
them from adding "route" statements to their own config files.
Anything you can push, the user can add without it being pushed.
Well, except ifconfig push, which is policed (I believe), and you can
then use those statically provisioned IP addresses in firewall rules.
On Thu, Jul 30, 2020 at 4:36 PM Alex K <rightkickt...@gmail.com> wrote:
On Wed, Jul 29, 2020, 07:57 Peter Fraser <softwareinfo...@gmail.com> wrote:
HI All
I set up my OpenVPN Server for IT access but now everyone seems to love and I
have to be allowing more and more persons. I wonder, is there a way to prevent
one user from accessing a particular route that is listed in the global config
file. I have only seen how to the opposite, that is, allow a user access to a
route not listed in the global config. Any help would be greatly appreciated.
As a simple approach, I would recommend pushing specific routes to users
through the ccd file. Each ccd file named according to the common name of the
user's cert.
Regards,
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
