Hi everyone,
I am looking into OpenVPN because I need to configure a heavily firewalled network for remote access.
I have configured OpenVPN before, however not for this kind of extensive network usage (just to connect to a single LAN).
What I want to do is the following:
There are two user groups: staff and guests. Guests can access the 10.1.0.0/16 IP range, staff both the 10.0.0.0/16 and the 10.1.0.0/16 ranges. I want to create two certificates: one for the staff one for guests respectively.
In pseudo-syntax, something like this:
Code:
group staff {
identified by certificate "staff.crt"
server 10.8.0.0 255.255.255.0
push route 10.0.0.0/16
push route 10.1.0.0/16
}
group guests {
identified by certificate "guest.crt"
server 10.8.1.0 255.255.255.0
push route 10.1.0.0/16
}
All I can find on the OpenVPN site is how to configure OpenVPN to server a dynamic IP range to a user group and then assign individual IPs on a certificate basis (staff1, staff2, etc) using the client-config-dir. But there seems to be no documented way to create two separate pools.
Since I want to avoid running two different OpenVPN servers to handle the two user groups, I wanted to ask around if someone has a solution for this.
thx