On 26/11/2019 16:39, Joe Patterson wrote: > However, to the question at hand, as with so very many things with > openvpn, this seems like something that's not built in, but you can > certainly do it... > > I've played around some with writing programs to interact with the > openvpn management interface, and when a client connects, you get a > *lot* of information, with which you can choose to do whatever you > want. You could have multiple CA's, independent or intermediate, or > you could have one CA and give clients certificates with distinct > OU's, which will come through the management interface like: > ">CLIENT:ENV,X509_0_OU=Testing". And then your program interfacing > with the management port can do whatever with that information, > including but not limited to assigning IP addresses based on that > info, or setting firewall rules based on it, or whatever.
Have a look at eurephia. It's one of my oldest projects, and even though it looks abandoned, it isn't really, it's just been rock solid on the sites I've deployed this. <http://www.eurephia.net/> Docs: <http://www.eurephia.net/documentation/eurephia/1.1/html/Administrators_Tutorial_and_Manual/> -- kind regards, David Sommerseth OpenVPN Inc -- kind regards, David Sommerseth OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
