On 30/01/2008, at 9:56 AM, Phil Scarratt wrote:
> What you should be able to do is configure OpenVPN to always assign the client the same IP address (I believe that is documented in the OpenVPN sample conf file), then you could use iptables to restrict that client IP address access to the network...

That's one way; the other way is learn-address.

# Suppose that you want to enable different
# firewall access policies for different groups
# of clients.  There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
#     group, and firewall the TUN/TAP interface
#     for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
#     modify the firewall in response to access
#     from different clients.  See man
#     page for more info on learn-address script.
learn-address /etc/openvpn/learn-script

--
Michael Chesterton
http://chesterton.id.au/blog/
http://barrang.com.au/



--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
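
A sketch of what a script such as /etc/openvpn/learn-script could look like for method (2), as an added example that is not part of the original message or of OpenVPN itself. The chain names, group names and client common names are hypothetical, and it assumes a tun setup where FORWARD sends VPN traffic to a VPN-CLIENTS chain and drops whatever that chain does not accept.

```shell
#!/bin/sh
# Added example, not from the original post. OpenVPN runs this hook as
#   <script> add|update|delete <address> [<common-name>]
# and rejects the address when an add/update call exits non-zero.
# Assumed setup (hypothetical names): FORWARD jumps tun0 traffic to VPN-CLIENTS
# and then drops it; chains vpn-staff and vpn-contractor hold each group's rules.
IPT=${IPT:-iptables} DISPATCH=VPN-CLIENTS

# Map a certificate common name to a policy group (constructed sample names).
group_for() {
    case "$1" in
        alice|bob) echo staff ;;
        ext-*)     echo contractor ;;
        *)         return 1 ;;
    esac
}

# Handle plain IPv4 host addresses only; subnets, IPv6 and MACs are refused.
valid_addr() {
    case "$1" in
        *[!0-9.]*) return 1 ;;
        *.*.*.*)   return 0 ;;
    esac
    return 1
}

# "delete" carries no common name, so find the rule by address in `iptables -S`.
remove_addr() {
    $IPT -S "$DISPATCH" | while read -r flag chain rest; do
        case "$flag $rest" in
            "-A -s $1/32 "*) $IPT -D "$chain" $rest ;;
        esac
    done
}

main() {
    op=$1 addr=$2 cn=$3
    valid_addr "$addr" || return 1
    case "$op" in
        add|update)
            group=$(group_for "$cn") || return 1  # unknown client: reject
            remove_addr "$addr"                   # clear any stale mapping
            $IPT -A "$DISPATCH" -s "$addr" -j "vpn-$group" ;;
        delete) remove_addr "$addr" ;;
        *)      return 1 ;;
    esac
}

if [ $# -gt 0 ]; then main "$@"; exit; fi
```

A client whose common name maps to no group gets no dispatch rule and the hook exits non-zero, so the policy fails closed rather than falling through to a shared default.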
