With the current situation in the world we are relying on VPN connections to our network heavily. I need some way to control access for different users. For example I want to be able to assign different rules for my IT staff than I do a regular user. Without being able to assign a group policy to a VPN connection and not being able to assign a static IP address to system I have no way of achieving this.
If you use a device for IT staff (say a small MX or a Z3) then you can give lots of access to those devices and different access between them if needed. Then you can use the client VPN for normal users. I am testing this right now 😎
When you create the VPN account connect once as that user (or what till they have connected once). Once they have connected apply a group policy with firewall rules. This will then stick on then every time they connect.
That does not work properly. I tried that. What ends up happening since the group policy can not attach to a MAC address the group policy over time gets randomly assigned to different systems. I have a policy for IT staff. There are only three of us. When I go in and look at the client list that policy is currently assigned to 10 different systems.