Making OpenVPN more robust

michmoor · March 14, 2022, 3:27pm

Is there a way to have OpenVPN assign a range of IPs according to the Windows group a user is in. I know this is possible on the Palos so I am looking for a similar feature set on the PFsense side. Having users point to a radius server is fine for authentication and having CSC is fine for one-offs but I want to deal with the potential scaling I will have with one of my customers.

Goal - create a range of IPs. Assign those IPs to departments and/or groups of users. Craft firewall policy around that.

edit: I did think of creating different OpenVPN servers to deal in the meantime but its still a scaling issue. Am I really going to create 10 or 20 servers? Dont want to, but may not have a choice.

LTS_Tom · March 15, 2022, 11:59am

You can use FreeRadius in pfsense to assign IP’s to users

michmoor · March 15, 2022, 2:25pm

i saw this and i use this in a current deployment. its fine but this is statically assigning an IP to a user where I would need a pool of addresses that clients in a OU can pick up when they sign into OpenVPN. So lets say accountants get 172.26.0.0/24 and HR gets 172.27.0.0/24, etc…