I am trying to set up the VPN so each client has access only to a /24, but I am not sure how to do it, for example:
Client1 → 10.0.0.0/24
Client2 → 10.0.1.0/24
etc…
I have tried to set it up with Remote Network, but from what I understood it is the network for the client, not for what he can access (the client gets access to all networks except the remote network defined).
I don't really understand if it is possible to do with NethServer.
Thanks in advance for anyone that helps!
My problem is routing: the default roadwarrior VPN creates routes for all network interfaces in NethServer (if I'm not in error). What I would like is to change the routes that each client has access to.
For example, when creating the rules in the firewall there appear options like vpn-rw-client1 that I have deleted from the VPN accounts, and if I create a new client1 the name appears as vpn-rw-client1vpn-rw-client1.
I think it will become worse after, since I will regularly be deleting the vpn files and creating new ones.
Thanks! I had missed the objects in the firewall section.
It's a service that my company will have, where users get access for x time to a subnet that has cloned VMs, and managing with client1, client2, etc. would be easier instead of names (maybe saying regularly wasn't the best word).
Just so I know I’m not missing anything, it isn’t possible to regenerate keys for a user, making the first ovpn file unusable, without deleting the vpn account, right?
IDK. If you're using a configuration file with an included user certificate... IMVHO no.
Moreover, the case scenario in mind for NethServer is for employees or well-known "guests" (accountancy studios, legal firms, subcontractors, whatever), so long-lasting setups/certificates are seen as less time loss for managing access.
If you want you can always disable the access via firewall rules. Sincerely, IDR if there's any "until that time at that day" for time conditions, but you can still disable the rule if you want. Until re-enabling, the user can connect but should not access anywhere.
Maybe in the future an "expire date" setting/prop will be user accessible. But for that, a feature request is... due.
Thanks for all the help. I was able to accomplish what I intended to do.
From what I see, it won’t be so frequent that I will need to substitute nethserver.
Since my problem was roadwarrior clients having access to all subnets, as pike suggested, I simply created a VPN CIDR subnet per client VPN.
I'll simply delete and regenerate all VPN files when the client is no longer allowed access, since I won't have a big number of clients at the same time.
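For reference, here is the other way to get the per-client route restriction discussed in this thread (the routing problem above and the "one VPN per client subnet" solution) with a single plain OpenVPN roadwarrior server: a client-config-dir ("ccd") entry per client that replaces the pushed routes, plus matching FORWARD rules so a client that edits its own routing table still cannot reach the other subnets. This is an added example, not NethServer's own configuration or tooling; the client names, subnets, tunnel pool 10.8.0.0/24, interface tun0 and "topology subnet" are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not NethServer's own configuration or tooling.
# One plain OpenVPN roadwarrior server pushes a different single /24 to each
# client via client-config-dir ("ccd"), and iptables FORWARD rules enforce the
# same restriction on the server side. All names, addresses and interface
# names are assumptions chosen for illustration.
set -eu

# Constructed mapping: certificate CN of the client -> the one /24 it may reach.
CLIENT_MAP="client1 10.0.0.0/24
client2 10.0.1.0/24"

# Assumed VPN settings: "topology subnet", tunnel interface tun0, address pool
# 10.8.0.0/24, clients pinned to 10.8.0.11, 10.8.0.12, ... in mapping order.
TUN_IF="tun0"
TUN_PREFIX="10.8.0"
FIRST_HOST=11

# Convert a prefix length (0-32) to a dotted netmask, as OpenVPN "route" wants.
cidr_to_mask() {
  bits=$1; mask=""
  for _ in 1 2 3 4; do
    if [ "$bits" -ge 8 ]; then
      octet=255; bits=$((bits - 8))
    else
      octet=$(( (255 << (8 - bits)) & 255 )); bits=0
    fi
    mask="${mask}${mask:+.}${octet}"
  done
  printf '%s\n' "$mask"
}

# Body of the ccd file for one client. "push-reset" discards every server-wide
# "push route", so the client receives exactly one route; "ifconfig-push" pins
# the tunnel address that the firewall rules below are keyed on.
ccd_entry() {
  subnet=$1; tun_ip=$2
  printf 'push-reset\n'
  printf 'ifconfig-push %s 255.255.255.0\n' "$tun_ip"
  printf 'push "route %s %s"\n' "${subnet%/*}" "$(cidr_to_mask "${subnet#*/}")"
}

# FORWARD rules for one client: allow its tunnel address into its own subnet,
# reject everything else it tries to forward. Printed rather than executed so
# this runs anywhere; pipe the output into sh on the server if the
# assumptions above hold.
fw_rules() {
  subnet=$1; tun_ip=$2
  printf 'iptables -A FORWARD -i %s -s %s -d %s -j ACCEPT\n' "$TUN_IF" "$tun_ip" "$subnet"
  printf 'iptables -A FORWARD -i %s -s %s -j REJECT\n' "$TUN_IF" "$tun_ip"
}

# Write one ccd file per client into $1 and print the firewall rules for all
# of them. The ccd file name must equal the CN in the client's certificate.
generate_all() {
  ccd_dir=$1
  mkdir -p "$ccd_dir"
  host=$FIRST_HOST
  printf '%s\n' "$CLIENT_MAP" | while read -r cn subnet; do
    [ -n "$cn" ] || continue
    tun_ip="$TUN_PREFIX.$host"
    ccd_entry "$subnet" "$tun_ip" > "$ccd_dir/$cn"
    fw_rules "$subnet" "$tun_ip"
    host=$((host + 1))
  done
}

# Stand-alone run: ccd files go to ./ccd-example (or $1), rules to stdout.
generate_all "${1:-./ccd-example}"
```

The pushed route only changes what the client's routing table looks like; a client that adds its own static route is stopped by the FORWARD rules, which is why both halves are generated from the same mapping. On NethServer the second half is what the vpn-rw-* firewall objects mentioned earlier in this thread give you through the web UI.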