the howto contains the text "...the server can enforce client-specific access rights based on embedded certificate fields, such as the Common Name....", and goes on to outline a mechanism for statically setting up configuration files (http://openvpn.net/howto.html#policy).

does anyone have any experience employing openvpn with iptables to achieve more dynamic access rules, where subnets are allocated/assigned to clients on the fly and access rules are set up dynamically?

as a hypothetical example, consider a dorm vpn server -- we want to provide each dorm access to the vpn and some of the vpn's common services (mail, web, etc.), and we want to provide clients within the dorm access to each other, but restrict clients from different dorms from accessing each other -- all without having to create separate file-based configurations for each dorm.

sorry if this topic's been covered before or if this is wholly outside the realm of openvpn. i "think" i'm looking for something like an ldap-based solution to drive the various components to appropriately restrict access and i would extremely appreciate it if anyone has any experience or pointers in the area.

thanks.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
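The dorm policy described in the message above, sketched as an added example that is not part of the original post or of OpenVPN itself: one table of groups drives both the Common Name lookup and the generated iptables rules, so no per-dorm file is needed. The group names, subnets, `tun0`, the CN naming convention and the function names are all assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample policy: "group subnet" per line (hypothetical values).
DORM_TABLE='dorm-a 10.8.1.0/24
dorm-b 10.8.2.0/24
dorm-c 10.8.3.0/24'
SERVICES_NET='10.8.0.0/24'  # assumed subnet for the common services (mail, web)
VPN_IF='tun0'               # assumed OpenVPN tunnel interface

# Map a certificate Common Name to "group subnet". Assumed convention:
# the CN starts with the group name plus a hyphen, e.g. "dorm-a-alice".
# Prints nothing for a CN that belongs to no known group.
group_for_cn() {
    cn=$1
    echo "$DORM_TABLE" | while read -r group subnet; do
        case $cn in
            "$group"-*) echo "$group $subnet"; break ;;
        esac
    done
}

# Emit a default-deny FORWARD policy with two allowances per group:
# traffic inside the group, and traffic to the common services.
# No rule pairs two different groups, so cross-dorm traffic is dropped.
# Intra-group rules only take effect when OpenVPN's client-to-client
# option is off; with it on, OpenVPN relays client traffic internally
# and the kernel firewall never sees it.
emit_rules() {
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "$DORM_TABLE" | while read -r group subnet; do
        echo "iptables -A FORWARD -i $VPN_IF -o $VPN_IF -s $subnet -d $subnet -j ACCEPT"
        echo "iptables -A FORWARD -i $VPN_IF -s $subnet -d $SERVICES_NET -j ACCEPT"
    done
}

# Print the rule set for review.
emit_rules
```

OpenVPN exposes the connecting client's certificate CN to a `--client-connect` script in the `common_name` environment variable, which is where a lookup like `group_for_cn` would be called; the table itself could equally be filled from a directory query.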