Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FreeRadius user auth & assigned IP

    Scheduled Pinned Locked Moved
    FRR
    2
    3
    268
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      McMurphy
      last edited by

      When a user connects using OVPN they are assigned an IP from the IPv4 tunnel range

      When using FR for authentication I can assign each user an IP address.

      How does the FR assigned IP address relate the the OVPN tunnel IP address?

      For example:
      My OVPN tunnel is 172.30.50.0/24 and when connecting I am allocated 172.30.50.2

      If I then assign 192.168.0.1 in the FR settings my user is assigned this address and not the tunnel address.

      Should the FR address be an IP from the OVPN tunnel?

      T 1 Reply Last reply Reply Quote 0
      • T
        The Party of Hell No @McMurphy
        last edited by The Party of Hell No

        @McMurphy If you want to assign permanent OpenVPN IP's which do not change use: VPN - OpenVPN - Client Specific Overrides to do that.

        When I did this I duplicated the Common Names used in the OpenVPN Certificates across OpenVPN - Client Specific Overrides, FreeRadius - Users and Users under User Manager to keep the confusion limited.

        I think you are not assigning an IP to each user in FreeRadius - leave blank - you use the IP assigned in the above Client Specific Overrides what the FR Authentication Server is doing is verifying the certificate, common name, password and IP. I believe - been a long time since I set this up - the password is the Free Radius contribution.

        M 1 Reply Last reply Reply Quote 0
        • M
          McMurphy @The Party of Hell No
          last edited by

          @The-Party-of-Hell-No

          Thanks for the pointer, I finally got it working using FR. The IPs were being assigned correctly however I had my subnet masks wrong. It has to match the tunnel.

          https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/client-parameters-radius.html#static-ip-address

          1 Reply Last reply Reply Quote 0
          • First post
            Last post