On Sat, Apr 09, 2005 at 06:18:39PM +0159, Nagy Zoltan wrote:
> i'm thinking about how can i set up a vpn on our lan,
> and make possible that not all systems are reachable by the connected vpn users
> something like that user A have access to our data servers only, but user B
> can access the database, firewall servers
> i'm thinking about that if the clients can login to the vpn gw server i
> could use gid match to put the clients ip in a recent list,
> and i can use the recent lists to mark the packets and filter by that ;)
> i'm thinking about that i've missed something...and there is a simpler
> solution ;)

Depends on the vpn technique. I would just use different openvpn connections
with different keys, so the users cannot use "not their" connections. Then
you can easily add filter rules in the openvpn up-script.
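
The up-script approach suggested in the reply, sketched as an added example that is not part of the original message. It assumes one OpenVPN instance per user group, each with its own keys and tun device; the device-to-destination table, the chain names and the addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-instance OpenVPN up-script (not from the original thread).
# Assumption: each user group has its own OpenVPN instance, keys and tun device.

# Constructed policy: tun device -> destinations that group may reach.
# Addresses are documentation ranges (RFC 5737).
allowed_for() {
    case "$1" in
        tun0) echo "192.0.2.10 192.0.2.11" ;;   # group A: data servers
        tun1) echo "192.0.2.20 192.0.2.1" ;;    # group B: database, firewall
        *)    echo "" ;;                        # unlisted instance: nothing allowed
    esac
}

# Print the iptables commands that fill the per-device chain:
# accept the listed destinations, drop everything else from that tunnel.
build_rules() {
    dev=$1
    case "$dev" in
        tun[0-9]|tun[0-9][0-9]) ;;              # refuse unexpected device names
        *) return 1 ;;
    esac
    chain="vpn-$dev"
    for dst in $(allowed_for "$dev"); do
        echo "iptables -A $chain -d $dst -j ACCEPT"
    done
    echo "iptables -A $chain -j DROP"
}

# OpenVPN exports $script_type and $dev to the script; apply rules only then.
if [ "${script_type:-}" = "up" ]; then
    rules=$(build_rules "$dev") || exit 1       # fail closed on a bad device name
    # Create the chain, or flush it if it survived a previous run.
    iptables -N "vpn-$dev" 2>/dev/null || iptables -F "vpn-$dev"
    echo "$rules" | sh -e || exit 1
    # Hook the chain into FORWARD once, for traffic arriving from this tunnel.
    iptables -C FORWARD -i "$dev" -j "vpn-$dev" 2>/dev/null ||
        iptables -I FORWARD -i "$dev" -j "vpn-$dev"
fi
```

Each instance's config would point its `up` directive at this script; because the keys differ per instance, a user can only come in through the tunnel whose chain matches their group.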