1) We are using AD-auth in addition to the openssl cert/key. However - is there anything to prevent (AD user) UserA from utilizing UserB's cert/key? In other words, I would ideally like to do a pattern-match on the "username" with the cert/key username, and reject if they don't match. Is there a way to do that? If not exposed via the webadmin GUI, maybe editing the openvpn-server config? (NOTE: I've done it in a straight openvpn setup, but I don't know what the sophos implementation allows/doesn't allow... and if there _isn't_ a way to do that, I think it would be a nice feature-request).
2) This might be a dumb question - I'm new to Sophos, but not new to openvpn - but how can I limit what the connected user can/cannot see? I would guess that I would use the firewall and limit/allow where they can go via the VPN pool/subnet. That's fine for global, but is there a way to do that per-user? Barring that - if I could make sure that "developerA" always gets vpn-pool-address X.X.X.X then I can give them greater latitude vs. a contractor working overseas (and _just_ needs to get to Dev server Y). Any pointers appreciated.
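The username-to-certificate check asked about in point 1, sketched for a plain OpenVPN server as an added example; it is not part of the original post and not Sophos code. It assumes each certificate's CN equals the user's AD logon name in a single domain, that the script runs as a `client-connect` hook (after authentication has succeeded), and the function names are hypothetical; whether the Sophos implementation lets you attach such a hook is not established here.

```shell
#!/bin/sh
# Added example: reject a session when the authenticated username does not
# match the CN of the client certificate (UserA presenting UserB's cert/key).
# Assumption: certificate CN == AD logon name, single AD domain.

# Lower-case a name and strip a "DOMAIN\" prefix or "@realm" suffix, since AD
# logon names are case-insensitive and users type them in several forms.
normalize_name() {
    n=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    n=${n##*\\}
    n=${n%%@*}
    printf '%s' "$n"
}

# Return 0 only when both names are present, well-formed and identical.
names_match() {
    u=$(normalize_name "$1")
    c=$(normalize_name "$2")
    # Fail closed: a missing username or CN must never count as a match.
    [ -n "$u" ] && [ -n "$c" ] || return 1
    # Refuse anything outside a conservative character set.
    case "$u$c" in *[!a-z0-9._-]*) return 1 ;; esac
    [ "$u" = "$c" ]
}

# OpenVPN exports script_type, username and common_name to its hooks.
# Only act as a hook when script_type is set, so the file can also be sourced.
if [ -n "${script_type:-}" ]; then
    if names_match "${username:-}" "${common_name:-}"; then
        exit 0
    fi
    # stderr ends up in the OpenVPN log; a non-zero exit rejects the client.
    echo "cn-bind reject: user='${username:-}' cn='${common_name:-}'" >&2
    exit 1
fi
```

On a plain OpenVPN server this would be wired in with `script-security 2` and `client-connect /path/to/this-script` (placeholder path). It only checks the binding; the AD password check still has to be done by the existing authentication backend.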