Conditional VPN pools - idea/help needed

Hello

I’m just setting up a VPN server at the moment but I need to create 2 ‘pools’ for different groups of users.

Pool 1
- All devices connecting to this will be routerboards
- They always need to get the same IP address each time they connect (long leases)
- All of them need to authorise against DMA Softlab radius server
- All router boards should be able to communicate with each other on this pool

Pool 2 - This is for external clients, again they authorise against a radius server (same as above), but need to be completely separate from pool 1. In this pool they should not be able to communicate with each other.

Is this possible somehow, given I’ve only got 1 external IP address?

Fixed IPs for PPTP/PPPoE clients must be set in the RADIUS server parameter if the authentication (AAA) is external, or in the secrets table in the PPP of the RB. Use, for example, a sequence like 10.0.0.1, 10.0.0.2, 10.0.0.3 …

Not fixed clients can use a pool. Make a pool like 10.1.0.1-10.1.255.254

Add 2 firewall filters that drop communications to these ranges.
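
The layout described in the reply above, done locally on the RB, as an added example that is not part of the original post. The profile, pool and user names, the placeholder passwords, the server-side address 10.255.255.1 and the choice of 10.0.0.0/24 as the routerboard range are assumptions; only the address sequence and the pool range come from the reply.

```routeros
# Constructed example: names, passwords, local-address and the
# 10.0.0.0/24 routerboard range are assumptions, not from the thread.

# Pool for clients that do not need a fixed address (range from the reply)
/ip pool add name=pool-external ranges=10.1.0.1-10.1.255.254

# One PPP profile per group; local-address is the server end of each link
/ppp profile add name=vpn-routerboards local-address=10.255.255.1
/ppp profile add name=vpn-external local-address=10.255.255.1 \
    remote-address=pool-external

# Routerboards: one secret each, with a fixed remote-address
/ppp secret add name=rb-site1 password=CHANGE-ME service=any \
    profile=vpn-routerboards remote-address=10.0.0.1
/ppp secret add name=rb-site2 password=CHANGE-ME service=any \
    profile=vpn-routerboards remote-address=10.0.0.2
/ppp secret add name=rb-site3 password=CHANGE-ME service=any \
    profile=vpn-routerboards remote-address=10.0.0.3

# External client: no remote-address, so it draws from pool-external
/ppp secret add name=ext-user1 password=CHANGE-ME service=any \
    profile=vpn-external

# Two forward-chain drops. They must sit above any rule that would
# accept this traffic, since the filter stops at the first match.
/ip firewall filter
# 10.0.0.0/15 spans 10.0.0.0-10.1.255.255, i.e. both ranges, so external
# clients reach neither the routerboards nor each other.
add chain=forward src-address=10.1.0.0/16 dst-address=10.0.0.0/15 \
    action=drop comment="external clients: no access to RBs or each other"
# Routerboards cannot open connections towards external clients.
add chain=forward src-address=10.0.0.0/24 dst-address=10.1.0.0/16 \
    action=drop comment="routerboards: no access to external clients"
```

Routerboard-to-routerboard traffic inside 10.0.0.0/24 matches neither rule, so it is still forwarded. If authentication stays on RADIUS, the fixed address is set per user on the RADIUS server as the reply says, and the filter rules apply either way.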

Hi, thanks for your reply. Is there any method by which this can be done on the RB itself, where the VPN server is, rather than on the radius server?

Since I’m using Radius Manager I believe the area you are referring to is IP Pools - so I would specify an IP for all RB hotspots.