Feature #13547

open

Limit allowed VPN users based on group association

Added by Mikael * about 2 months ago. Updated about 2 months ago.

Status: New
Priority: Normal
Assignee: -
Category: OpenVPN
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default

Description

Hi,
Currently I'm using FreeRADIUS as my source of users who have access to VPN and the firewall. On the system side I can create a local user and assign it a group which has permission to log in to pfSense.
With OpenVPN there is no option to force a check of whether the user is assigned to a special group that is allowed VPN access, and the only way to overcome this limit is to use a TLS certificate pinned to the user for OpenVPN.

I would like a feature in OpenVPN to check if the user is part of a local group before allowing the connection.

#1

Updated by Mikael * about 2 months ago

I may have expressed myself wrongly: on the system side I can create a group and assign the appropriate permissions to the web GUI for that group. I can then attach a local user, which has the same username as the user in FreeRADIUS, to the said group. When the user authenticates to the system, it will then match the local user, which inherits the permissions assigned to the user group(s).
This behavior should also be true for OpenVPN.

#2

Updated by Mikael * about 2 months ago

Looking into this request, basically this request sums up the feature wanted: https://redmine.pfsense.org/issues/10748
