On Sat, 2 Apr 2005, Erich Titl wrote:

> Hi
>
> I read the HOWTO about client specific policies
> http://openvpn.net/howto.html#policy. Is there a way to have multiple
> address pools dependent on the client certificate (comparable to
> connections in FreeSWan) so one could easily define multiple group
> access policies.

Right now the --ifconfig-pool directive (and macros like --server and --server-bridge which use it) only support a single pool per OpenVPN daemon. This is mostly because those who want to use multiple address pools have already decided to use server-side per-client customizations through either --client-config-dir or --client-connect, and don't really need the ifconfig-pool feature any longer.

So basically, there's two ways to do this:

(1) Static Method: Use --client-config-dir, and create a file for each client with an ifconfig-push directive indicating a static address. This is described in the HOWTO.

(2) Dynamic Method: Use --client-connect/--client-disconnect scripting and implement your own pools in the script based on the common name.

When I have a chance, I plan to write a general-purpose --client-connect script which will make it easy to maintain multiple pools based on a pool name derived from a user-defined regular expression applied to the common name.

James
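The dynamic method described in the message above, as an added example; it is not the script James mentions and not code from the OpenVPN project. It maps the certificate common name to a pool by regular expression, hands out one /30 endpoint pair per client as the HOWTO's policy section does, and refuses any client whose name matches no pool. Assumptions: net30 topology, and the pool names, patterns, subnets and state-file path are hypothetical; `common_name`, `script_type` and the file-path argument are what OpenVPN passes to the script.

```python
# Added example: one hook for both --client-connect and --client-disconnect.
# Assumed: net30 topology; pool names, patterns, subnets and state path are made up.
import ipaddress, json, os, pathlib, re, sys

POOLS = [  # (pattern for the certificate common name, pool name, subnet)
    (re.compile(r"admin-[a-z0-9]+"), "admin", ipaddress.ip_network("10.8.1.0/24")),
    (re.compile(r"staff-[a-z0-9]+"), "staff", ipaddress.ip_network("10.8.2.0/24")),
]

def pool_for(cn):
    """First pool whose pattern matches the whole common name, else None."""
    return next(((name, net) for rx, name, net in POOLS if rx.fullmatch(cn)), None)

def allocate(cn, leases):
    """Return (client_ip, server_endpoint_ip) for cn, or None to refuse."""
    match = pool_for(cn)
    if match is None:
        return None  # no group matched: fail closed
    name, net = match
    pool = leases.setdefault(name, {})
    if cn not in pool:
        used = {pair[0] for pair in pool.values()}
        free = ([str(h) for h in b.hosts()] for b in net.subnets(new_prefix=30))
        pair = next((p for p in free if p[0] not in used), None)
        if pair is None:
            return None  # pool exhausted
        pool[cn] = pair
    return tuple(pool[cn])

def release(cn, leases):
    for pool in leases.values():
        pool.pop(cn, None)

def main(argv, env, lease_path="/var/run/openvpn-pools.json"):  # hypothetical path
    cn = env.get("common_name", "")
    state = pathlib.Path(lease_path)
    leases = json.loads(state.read_text()) if state.exists() else {}
    if env.get("script_type") == "client-disconnect":
        release(cn, leases)
    else:
        lease = allocate(cn, leases)
        if lease is None:
            return 1  # non-zero exit: OpenVPN refuses the client
        pathlib.Path(argv[1]).write_text("ifconfig-push %s %s\n" % lease)  # read back by OpenVPN
    state.write_text(json.dumps(leases))
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv, os.environ))
```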