VPN Access Policies
Access policies define who may reach which assets through which VPN gateway, optionally requiring an approved change and time windows.
Module availability
Requires module.vpn and vpn.update (or Admin) to manage policies. Users need vpn.read to view.
Policy elements
| Element | Description |
|---|---|
| Gateway | Edge appliance at a site (WireGuard endpoint, installed by Monozu) |
| Principals | Users or groups granted access |
| Allowed assets | Explicit hosts (by asset), not whole subnets |
| Change requirement | Optional link to an approved change before connect |
| Schedule | Optional time-bound access |
Manage policies
- Go to VPN → Access Policies (/vpn/policies).
- Create or edit a policy; select gateway, members, and allowed assets.
- Save. Users in scope see the gateway on the VPN overview when they connect.
Policies are enforced by the VPN Hub; cloud.monozu.io stores policy and session metadata.
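How the elements in the policy table combine into a default-deny access decision, as an added illustrative model. This is not Monozu or VPN Hub code: the class names, field names, reason strings, the daily time-of-day window and the sample IDs are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional, Tuple

@dataclass(frozen=True)
class Policy:                             # hypothetical model of one access policy
    gateway: str
    principals: frozenset                 # user and group names
    allowed_assets: frozenset             # explicit asset IDs, not subnets
    change_required: bool = False         # needs an approved change to connect
    window: Optional[Tuple[time, time]] = None   # daily window, None = always

@dataclass(frozen=True)
class Request:                            # hypothetical connect request
    user: str
    groups: frozenset
    gateway: str
    asset: str
    when: datetime
    approved_change: Optional[str] = None  # ID of an approved change, if any

def in_window(window, when):
    if window is None:
        return True
    start, end = window
    now = when.time()
    if start <= end:
        return start <= now < end
    return now >= start or now < end       # window wraps past midnight

def decide(policies, req):
    """Default deny: allow only when one policy satisfies every element."""
    reason = "no policy for gateway"
    for p in policies:
        if p.gateway != req.gateway:
            continue
        if not (req.groups | {req.user}) & p.principals:
            reason = "principal not in scope"
        elif req.asset not in p.allowed_assets:
            reason = "asset not explicitly allowed"
        elif p.change_required and not req.approved_change:
            reason = "approved change required"
        elif not in_window(p.window, req.when):
            reason = "outside schedule"
        else:
            return True, "allowed"
    return False, reason

# Constructed sample policy (not real Monozu data)
POLICIES = [Policy("gw-site-a", frozenset({"ops-team"}), frozenset({"plc-01"}),
                   change_required=True, window=(time(8), time(18)))]
```

Recording the returned reason with each denied request gives reviewers a direct answer to which policy element blocked a connection.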