Feature #13547
open
Limit allowed VPN users based on group association
Description
Hi,
Currently I'm using FreeRADIUS as my source of users who have access to the VPN and the firewall. On the system side I can create a local user and assign it a group which has permission to log in to pfSense.
With OpenVPN there is no option to force a check of whether the user has been assigned a special group that is allowed VPN access, and the only way to overcome this limit is to use a TLS certificate pinned to the user for OpenVPN.
I would like a feature in OpenVPN to check if the user is part of a local group before allowing the connection.
Updated by Mikael * about 2 years ago
I may have expressed myself wrong. On the system side I can create a group and assign the appropriate web GUI permissions to that group. I can then attach a local user, which has the same username as the user in FreeRADIUS, to the said group. When the user authenticates to the system, it will then match the local user, which inherits the permissions assigned to the user group(s).
This behavior should also be true for OpenVPN.
Updated by Mikael * about 2 years ago
Looking into this request, basically this request sums up the feature wanted: https://redmine.pfsense.org/issues/10748