
I have a firewall linux box with 4 interfaces:

eth0 147.87.107.4 (to the internet)
eth1 192.168.11.2 (Employee subnet)
eth2 192.168.22.2 (Guest subnet)
eth3 192.168.33.2 (Management subnet)

And I am trying to set up the OpenVPN server and client in such a way that it connects the client to the right subnet while checking the CN in the certificate.

In such a way:

Employee -> subnet 192.168.11.0 (Employee subnet)
Guest -> subnet 192.168.22.0 (Guest subnet)
Admin -> subnet 192.168.33.0 (Management subnet)

How can I do that?

1 Answer


Take a look at the following settings in the man page:

   --client-config-dir dir

   --ccd-exclusive

From there, you can create CCD files specific to the CNs of the certificates, and push different subnets, routes (or any other config settings you like) to the client based on it. The second option specifies that no connection is allowed unless a CCD exists for that CN.

SmallClanger
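A worked example of the CCD layout the answer describes, added here and not part of the original answer: a shell script that writes a minimal server.conf with client-config-dir and ccd-exclusive, one CCD file per CN pinning the client to a fixed VPN address and pushing only the route to its subnet, and a small function mirroring the ccd-exclusive decision. The VPN pool 10.8.0.0/24, the CN names Employee, Guest and Admin, and the output directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). The VPN pool 10.8.0.0/24, the
# CN names and the directory layout are assumptions.
set -eu

# write_server_conf DIR: server.conf that keys client settings on the CN
# and refuses any client whose CN has no file in the CCD directory.
write_server_conf() {
    dir="$1"
    cat > "$dir/server.conf" <<EOF
port 1194
proto udp
dev tun
topology subnet
server 10.8.0.0 255.255.255.0
# per-CN client settings: one file in this directory named after the CN
client-config-dir $dir/ccd
# no CCD file for the CN -> connection refused
ccd-exclusive
EOF
}

# write_ccd DIR CN VPN_IP LAN_NET: give the client a fixed VPN address (so
# firewall rules on the box can match it) and push only its allowed subnet.
write_ccd() {
    dir="$1"; cn="$2"; ip="$3"; net="$4"
    mkdir -p "$dir/ccd"
    cat > "$dir/ccd/$cn" <<EOF
ifconfig-push $ip 255.255.255.0
push "route $net 255.255.255.0"
EOF
}

# ccd_allows DIR CN: same decision ccd-exclusive makes, exit 0 = allowed
ccd_allows() {
    [ -f "$1/ccd/$2" ]
}

# build_ccd_tree DIR: server.conf plus the three role files from the question
build_ccd_tree() {
    write_server_conf "$1"
    write_ccd "$1" Employee 10.8.0.11 192.168.11.0
    write_ccd "$1" Guest    10.8.0.22 192.168.22.0
    write_ccd "$1" Admin    10.8.0.33 192.168.33.0
}
```

The pushed route only shapes the client's routing table; the fixed ifconfig-push address is what lets the firewall rules on the box enforce that each VPN client can only reach its own subnet.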