Description: The customer has deployed a network connector from OpenVPN Cloud and would like to filter the Groups to access certain subnets or IP Addresses from an IaaS provider.
Resolution:From your OpenVPN Cloud Administrator Portal, go to Networks > Destination Services and create an IP Service, then apply It to the Access Groups in OpenVPN Cloud.
From this example, a User from Group A only has access to 172.31.3.0/24 and Group B has access to the entire subnet of 172.31.0.0/20.
From your OpenVPN Cloud Administrator Portal, go to > Networks > select the created Networks > Destination Services > IP Services > Add New IP Services.
Next, change the Topology from the default setting Full-Mesh to Custom to use the Access group.
From your OpenVPN Cloud Administrator Portal, go to Settings > WPC > Edit > Topology > Custom > Update (see the screenshot below).
After changing the Topology, proceed to configure your Access groups which specifies the access relationship between Sources (i.e. Who?) and Destinations (i.e. What?). From your OpenVPN Cloud Administrator Portal, go to Access > Groups > Create Access Group > Fill in the 'Access Group Name' > Source: User Groups (ex. Group A) > Destination: select the IP Services "172.31.3.0" > Create (see the screenshot below).
Do the same process as Step 3 but for different Sources(User Groups: Group B) and Destinations. Select IP Services "172.31.0.0". (see the screenshot below).
Note The Default Full Mesh Access Group already exists.
You can delete the default Access group when more than one Access group exists, or after you've created your Access group. (see below sample screenshot)
Test the Access Groups from the connected WPC users of Group A & B to access the subnet that is allowed for the Groups.