L2TP User-dependent firewall rules


I currently have an ASA 5505 for VPN connectivity, authenticating against a RADIUS server. It supports different firewall rules for internal access based on who logs in (admins can route to everything internally; limited users can only access certain ports/servers).

Does VyOS support this?


You can set up different VPN pools that different users can log into using OpenVPN. Now that you have different subnets, you can assign firewall rules based on the source address of the pool members. You can do your firewall rules on specific interfaces, or you can develop zones and then add the firewall rules to these zones.

I have not configured RADIUS with OpenVPN, but I know RADIUS is one of the supported authentication methods of OpenVPN.
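As an added illustration of the two-pool approach in the answer above (not configuration from the original thread or from the VyOS project), here is a VyOS 1.3-style `set` configuration: two OpenVPN server instances, one per user group, each handing out its own subnet, with a separate ruleset bound to each tunnel interface. The interface names, pool subnets, ports, TLS file paths and the internal server address are assumed values.

```vyos
# Added example, not from the thread. VyOS 1.3 "set" syntax; interface
# names, subnets, ports, file paths and 192.168.1.10 are assumptions.

# Pool 1: admins terminate on vtun0 and receive 10.10.10.0/24
set interfaces openvpn vtun0 mode server
set interfaces openvpn vtun0 local-port 1194
set interfaces openvpn vtun0 protocol udp
set interfaces openvpn vtun0 server subnet 10.10.10.0/24
set interfaces openvpn vtun0 server push-route 192.168.1.0/24
set interfaces openvpn vtun0 tls ca-cert-file /config/auth/ca.crt
set interfaces openvpn vtun0 tls cert-file /config/auth/vpn-admin.crt
set interfaces openvpn vtun0 tls key-file /config/auth/vpn-admin.key
set interfaces openvpn vtun0 tls dh-file /config/auth/dh.pem
# Only clients with an explicit "server client" entry may connect to the
# admin instance, so a limited user's certificate from the same CA is
# refused here even if they point their client at port 1194.
set interfaces openvpn vtun0 server reject-unconfigured-clients
set interfaces openvpn vtun0 server client admin-alice ip 10.10.10.10

# Pool 2: limited users terminate on vtun1 and receive 10.10.20.0/24
set interfaces openvpn vtun1 mode server
set interfaces openvpn vtun1 local-port 1195
set interfaces openvpn vtun1 protocol udp
set interfaces openvpn vtun1 server subnet 10.10.20.0/24
set interfaces openvpn vtun1 server push-route 192.168.1.10/32
set interfaces openvpn vtun1 tls ca-cert-file /config/auth/ca.crt
set interfaces openvpn vtun1 tls cert-file /config/auth/vpn-limited.crt
set interfaces openvpn vtun1 tls key-file /config/auth/vpn-limited.key
set interfaces openvpn vtun1 tls dh-file /config/auth/dh.pem

# Admins: everything from their pool is forwarded
set firewall name ADMIN-VPN-IN default-action accept

# Limited users: replies to existing sessions plus HTTPS to one internal
# server; everything else arriving from that tunnel is dropped
set firewall name LIMITED-VPN-IN default-action drop
set firewall name LIMITED-VPN-IN rule 10 action accept
set firewall name LIMITED-VPN-IN rule 10 state established enable
set firewall name LIMITED-VPN-IN rule 10 state related enable
set firewall name LIMITED-VPN-IN rule 20 action accept
set firewall name LIMITED-VPN-IN rule 20 source address 10.10.20.0/24
set firewall name LIMITED-VPN-IN rule 20 destination address 192.168.1.10
set firewall name LIMITED-VPN-IN rule 20 protocol tcp
set firewall name LIMITED-VPN-IN rule 20 destination port 443

# Bind each ruleset to forwarded traffic entering from its tunnel
set interfaces openvpn vtun0 firewall in name ADMIN-VPN-IN
set interfaces openvpn vtun1 firewall in name LIMITED-VPN-IN
```

Run `commit` and `save` after entering the commands. The group a user lands in is decided by which instance (port) they connect to and which certificates that instance accepts, so the `reject-unconfigured-clients` line (or separate CAs per instance) is what stops a limited user from simply connecting to the admin port; the interface-bound rulesets only take effect once that binding is trustworthy. A zone-based layout works the same way, with each vtun interface placed in its own zone and the same rulesets applied between zones. VyOS 1.4 replaced `firewall name` and the per-interface `firewall in name` binding with the `firewall ipv4` syntax, so adapt the firewall lines accordingly on newer releases.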



I know I could do that, but I might as well just use the ASA I currently have if VyOS doesn't support it natively. I'll probably just do that for the client VPN connections (I was going to have it connected anyway as a backup).