Individual Firewall Rules for Connecting Clients
One striking possibility OpenVPN offers is a setup where:
An OpenVPN machine acts as a server that protects the company's network, admitting access for OpenVPN clients.
The clients are automatically assigned IPs by the server.
The clients are equipped with certificates, and identified and authorized by these certificates.
The scripting parameter learn-address in the server's OpenVPN configuration file will have the server execute a script whenever an authorized client connects to the VPN and is assigned an address. This parameter takes the full path to a script as an option:
learn-address /etc/openvpn/scripts/openvpnFW
In this example, the script openvpnFW will be executed each time a client is assigned an IP address and will be passed three variables by the OpenVPN server process:
1. $1: The action taken; this may be one of add, delete, update
2. $2: The IP assigned to the client connecting
3. $3: The common name in the subject line of the client...