Hello,
We are planning to migrate our corporate VPN from vanilla OpenVPN to Pritunl. The major selling points of Pritunl are the SSO and the ease of configuration. But in our previous solution we had fine-grained ACLs for each user. The approach was to use OpenVPN's client-connect and client-disconnect arguments and manipulate iptables like so:
import iptc

# Called from the OpenVPN client-connect hook. `chain` is the iptc.Chain
# (e.g. FORWARD in the filter table) the per-user rules are appended to;
# `user_ip` is the tunnel IP OpenVPN assigned to the connecting client.
def add_user_rules(chain, user_ip, user_roles, role_ip_map, dns_ip):
    for role in user_roles:
        for ip in role_ip_map.get(role, []):
            rule = iptc.Rule()
            rule.src = user_ip
            rule.dst = ip
            rule.create_target("ACCEPT")
            chain.append_rule(rule)
    # Always allow DNS request to the cluster
    rule = iptc.Rule()
    rule.src = user_ip
    rule.dst = dns_ip
    rule.create_target("ACCEPT")
    chain.append_rule(rule)
    # Drop the rest (appended last, so the ACCEPT rules above win)
    rule = iptc.Rule()
    rule.src = user_ip
    rule.create_target("DROP")
    chain.append_rule(rule)
Do you think this can be accomplished in Pritunl? We have around 20 groups, and having that many servers would be counterintuitive for the user.
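For reference, here is the OpenVPN side of the approach described in the post as a complete hook script: an added example, not code from the post above or from the Pritunl project. It uses the environment variables OpenVPN actually exports to client-connect/client-disconnect scripts (script_type, common_name, ifconfig_pool_remote_ip) and drives the iptables CLI instead of python-iptables so the rule construction can be tested without root. The user-to-role and role-to-destination tables, the DNS address and the chain names are constructed for the example; a real deployment would look the roles up in the IdP at connect time.

```python
#!/usr/bin/env python3
"""Per-user VPN ACL enforced from OpenVPN's client-connect /
client-disconnect hooks (added example, not code from the original post).

OpenVPN invokes the hook with the session described in its environment:
  script_type              "client-connect" or "client-disconnect"
  common_name              the client certificate CN (or SSO username)
  ifconfig_pool_remote_ip  the tunnel IP handed to this client
"""
import os
import subprocess

# Constructed example data: user -> roles, role -> reachable destinations.
USER_ROLES = {"alice": ["dev", "monitoring"], "bob": ["monitoring"]}
ROLE_IP_MAP = {"dev": ["10.10.0.0/24", "10.20.5.4"], "monitoring": ["10.30.0.10"]}
DNS_IP = "10.0.0.53"         # cluster resolver every user may reach (assumed)
PARENT_CHAIN = "FORWARD"     # traffic between the tun device and the LAN


def user_chain(common_name):
    """One chain per session; iptables chain names are limited to 28 chars."""
    return ("vpn-" + common_name)[:28]


def build_rules(common_name, user_ip, user_roles=USER_ROLES,
                role_ip_map=ROLE_IP_MAP, dns_ip=DNS_IP):
    """Ordered (src, dst, target) tuples; dst None matches any destination.
    Order is security-relevant: the catch-all DROP must come last."""
    rules = []
    for role in user_roles.get(common_name, []):
        for dst in role_ip_map.get(role, []):
            rules.append((user_ip, dst, "ACCEPT"))
    rules.append((user_ip, dns_ip, "ACCEPT"))   # always allow DNS
    rules.append((user_ip, None, "DROP"))       # default deny for this user
    return rules


def connect_commands(common_name, user_ip):
    chain = user_chain(common_name)
    cmds = [["iptables", "-N", chain]]
    for src, dst, target in build_rules(common_name, user_ip):
        cmd = ["iptables", "-A", chain, "-s", src]
        if dst is not None:
            cmd += ["-d", dst]
        cmds.append(cmd + ["-j", target])
    # Hook the per-user chain into FORWARD at position 1 so it is consulted
    # before any permissive rule that may already be there.
    cmds.append(["iptables", "-I", PARENT_CHAIN, "1", "-s", user_ip, "-j", chain])
    return cmds


def disconnect_commands(common_name, user_ip):
    """Tear down in reverse order. Pool IPs are reused, so a stale chain
    would grant the next client on this IP someone else's access."""
    chain = user_chain(common_name)
    return [
        ["iptables", "-D", PARENT_CHAIN, "-s", user_ip, "-j", chain],
        ["iptables", "-F", chain],
        ["iptables", "-X", chain],
    ]


def apply(cmds, check=True):
    for cmd in cmds:
        subprocess.run(cmd, check=check)


def main():
    script_type = os.environ["script_type"]
    common_name = os.environ["common_name"]
    user_ip = os.environ["ifconfig_pool_remote_ip"]
    if script_type == "client-connect":
        # Best-effort cleanup first so a crashed disconnect hook or a
        # duplicate-cn reconnect does not leave a stale chain behind.
        apply(disconnect_commands(common_name, user_ip), check=False)
        apply(connect_commands(common_name, user_ip))
    elif script_type == "client-disconnect":
        apply(disconnect_commands(common_name, user_ip))


if __name__ == "__main__":
    main()
```

On the OpenVPN side this is wired up with `script-security 2`, `client-connect /path/to/hook.py` and `client-disconnect /path/to/hook.py`. A non-zero exit from a client-connect script makes OpenVPN reject the session, so a failed `iptables` call here fails closed rather than leaving the user with no ACL.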