We do this by having each 'group' attached to a different OpenVPN server, each with varying degrees of access and with different root CA's. We primarily use firewall rules to limit what each VPN can access. We use a variety of tactics to attempt to find misuse and abuse (syslogging of various things, NSM, honeypots, etc). You should realize that if the VPN servers terminate into the same network and the users have access to computers/servers/services there is reasonable risk of them being able to escape their boundaries.
Mike On Thu, Feb 13, 2014 at 2:54 PM, jungleboogie0 <[email protected]>wrote: > Hi All, > > Curious to know if pfsense supports the ability to setup groups of VPN > accounts and then set restrictions on the groups. > > Example: > groups 1, 2 3 each with 5 people in the group. > > Those in group 1 can access servers a-c > those in group 2 can access servers d-g > etc > > I know my explanation and terminology may barely be understandable so > please let me know if you need further explanation. > > Thanks, > jungle > > > > -- > ------- > inum: 883510009902611 > sip: [email protected] > xmpp: [email protected] > > _______________________________________________ > List mailing list > [email protected] > http://lists.pfsense.org/mailman/listinfo/list > >
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
