Weblog entry #25 for e5z8652
But I want to restrict use of the VPN to users in a certain group. (or perhaps prevent users in a certain group from using the VPN.)
I do not think iptables' user tag does what I would like, since OpenVPN does not run as the user so iptables can't tell who owns the packets. And that would not work at all for an SSH session back down the VPN tunnel, where I want to log in as a preferred user, but prevent logging in as another user.
Hmm. I've been away too long and my brain is full of cobwebs.