Yes, it is possible. If the user is being authenticated via RADIUS or LDAP (possibly even TACACS), you can enable password management, which will allow a user to change their password. However, the user cannot initiate the change. That is controlled b...
The MonoWall would have to support no-nat based on access-list policy (set a rule to no-nat that host when destined to the VPN client host(s)) and then every intermediate hop would need a route to that host's no-nat address (192.168.20.3), including ...