Hi,

On Thu, Jul 30, 2020 at 11:33:45PM +0300, Alex K wrote:
> On Wed, Jul 29, 2020, 07:57 Peter Fraser <softwareinfo...@gmail.com> wrote:
> > I set up my OpenVPN Server for IT access but now everyone seems to love
> > it and I have to be allowing more and more persons. I wonder, is there a way
> > to prevent one user from accessing a particular route that is listed in the
> > global config file. I have only seen how to do the opposite, that is, allow a
> > user access to a route not listed in the global config. Any help would be
> > greatly appreciated.
> >
> As a simple approach, I would recommend pushing specific routes to users
> through the ccd file. Each ccd file named according to the common name of
> the user's cert.

While this works, it's not a good security measure - the server will not
verify (can not) that the client is using *only* those routes that you
push.

So if you put "route 1.2.3.4 255.255.255.255" in the client config, 
that address will be routed into the VPN as well, in addition to what
the server pushed.

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de
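
Since pushed routes are only advice to the client, a per-user restriction has to be enforced on the server side. The following is an added example, not part of the original thread: it assumes each ccd file also pins the client's tunnel address with `ifconfig-push` and that the server filters forwarded traffic with iptables on a hypothetical `tun0` device; the client names and addresses are constructed.

```python
import ipaddress
import re

# Constructed sample ccd files (file name = certificate common name).
SAMPLE_CCD = {
    "alice": 'ifconfig-push 10.8.0.10 255.255.255.0\n'
             'push "route 192.168.10.0 255.255.255.0"\n'
             'push "route 192.168.20.5 255.255.255.255"\n',
    "bob":   'ifconfig-push 10.8.0.11 255.255.255.0\n'
             '# bob only needs one host\n'
             'push "route 192.168.20.5 255.255.255.255"\n',
    "carol": 'push "route 192.168.10.0 255.255.255.0"\n',  # no fixed address
}

IFCONFIG_RE = re.compile(r'^\s*ifconfig-push\s+(\S+)\s+\S+')
ROUTE_RE = re.compile(r'^\s*push\s+"route\s+(\S+)\s+(\S+)"')


def parse_ccd(text):
    """Return (fixed tunnel IP or None, list of pushed networks)."""
    addr, nets = None, []
    for line in text.splitlines():
        if m := IFCONFIG_RE.match(line):
            addr = ipaddress.ip_address(m.group(1))
        elif m := ROUTE_RE.match(line):
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
    return addr, nets


def forward_rules(ccd, tun="tun0"):
    """Build iptables FORWARD rules: per-client allowlist, then default drop."""
    rules, skipped = [], []
    for cn, text in sorted(ccd.items()):
        addr, nets = parse_ccd(text)
        if addr is None:
            # No fixed source address: a packet filter cannot identify this
            # client, so it gets no allow rule and falls to the final DROP.
            skipped.append(cn)
            continue
        for net in nets:
            rules.append(f"iptables -A FORWARD -i {tun} -s {addr} -d {net} -j ACCEPT")
    rules.append(f"iptables -A FORWARD -i {tun} -j DROP")
    return rules, skipped


if __name__ == "__main__":
    rules, skipped = forward_rules(SAMPLE_CCD)
    print("\n".join(rules))
    print("# no ifconfig-push, not allowed through:", ", ".join(skipped))
```

Rules like these only see traffic that leaves the OpenVPN process; with `client-to-client` enabled, packets between clients are forwarded inside OpenVPN and bypass them.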
