Limit the access of users who connect through OpenVPN.

To allow access of our users only in specific time intervals it is necessary to create a schedule:

• Navigate to Firewall → Schedules.
• Click the Add button.
• In Schedule Name give a name to the schedule.
• Select the month to apply it to.
• Select the days on the calendar.
• Select the time range and click on Add Time.
• Repeat the procedure to add another time / date range to be assigned to this schedule.
• All created ranges will be displayed under Configured Ranges.

At this point, in order to implement the scheduling created in the Firewall Rules, it is necessary to assign a very specific static IP address of the VPN tunnel to the users we want to limit.

This is necessary because the firewall manages the rules via IP addresses.

To assign a static IP address to the user, we will proceed as follows:

• Navigate to VPN → OpenVPN → Client Specific Overrides.
• Click the Add button

In the configuration screen that will appear, it will be sufficient to configure only 2 items:

• Common Name: The name of the VPN user.
• Advanced: Insert the following string ifconfig-push [IP_TUNNEL] [NETMASK].
  • Where IP_TUNNEL will be the IP address of the tunnel that we would like to be assigned to the user.
  • Example: ifconfig-push 10.20.30.20 255.255.255.0

Repeat the procedure for each user to be managed.

https://www.firewallhardware.it/en/pfsense-and-openvpn-timed-access-for-openvpn-and-limitations-on-the-lan/