I am configuring a VPN with different kinds of rules. However, I need different sets of rules for different users.

i.e.

User A will have XX.XXX.XX.XXX IP blocked

User B will have YY.YYY.YY.YYY IP blocked

And after some actions, I will have to dynamically change this restriction, or add a new rule to user A.

I am trying to use strongSwan VPN. Our clients will be using iOS. We can configure the VPN there.

If the client is blocked, he won't be able to access the site. i.e. (facebook.com).

The VPN is not working right now; I want to set it up and want to know the best way to achieve my objectives.

So far I have configured strongSwan on my iPhone and it's working fine, but it's tunnelling all the traffic to the Internet.

Any help?

Tony
  • The question appears a bit broad: what OS is it? Would the "denied" user then use the normal connection instead of the VPN, or have no connection at all for this destination? If no connection at all, does the question really depend on using a VPN? Is this VPN working right now? ... You should show what you have done so far with some configurations and/or results of tests. Last but not least, explaining *why* can help too. – A.B Jan 10 '18 at 17:15
  • Ok, will edit my question now. – Tony Jan 10 '18 at 17:26
  • hem I would have given basic Linux firewall suggestions, but it appears there's no Linux – A.B Jan 10 '18 at 18:01

1 Answer

I would recommend taking a look at SoftEther VPN server, as it supports a lot of protocols:

  • SoftEther VPN Protocol (Ethernet over HTTPS)
  • OpenVPN (L3-mode and L2-mode)
  • L2TP/IPsec
  • MS-SSTP (Microsoft Secure Socket Tunneling Protocol)
  • L2TPv3/IPsec
  • EtherIP/IPsec

It also supports security policy settings (per user / per group), so you can configure ACLs per user/group and change your rules dynamically.

SoftEther can be run on Windows/Linux/Mac OS X/FreeBSD/Solaris and has a lot of other features.

ALex_hha
  • I need more help. Security policy can be changed through an application but I want it to be more on demand. Can you help me out? – Tony Jan 16 '18 at 17:16