Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfsense OpenVPN using microsoft radius server and static client IP

    Scheduled Pinned Locked Moved
    OpenVPN
    2
    2
    160
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Snailkhan
      last edited by

      Hi
      I have openvpn setup and its using windows radius nps server for authentication. users can connect and authenticate and work. but i am unable to find a way to assign static ip so i can have granular control for each users access.

      I had earlier tested with free radius and there in each user profile i can manually enter a users ip and subnet and have it passed to openvpn for static ip assignment using framed ipv4 address and mask parameters.

      How to achieve static IP with windows radius server.
      Regards.

      Y 1 Reply Last reply Reply Quote 1
      • Y
        yusben @Snailkhan
        last edited by

        @Snailkhan

        Hi,
        I am implementing it right now and also had this question.

        Just made it work though. Here is my example with Windows Server 2022 Standard:

        1. Open Network Policy Server.
        2. Create new network policy in NPS. Give it a name for example hagrid-static-ip.
        3. Add a condition. I did not find a possibility to add a specific user, only a group. So, added a group with one user Hagrid just for a test.
        4. At Settings tab go to RADIUS Attributes => Standard. Add an attribute "Framed-IP-Netmask". My OpenVPN network is 10.10.10.0/24, so i put there 255.255.255.0 mask.
        5. At the same Settings table to to IP Settings. Choose "Assign a static IPv4 address" there. Put an address, for example 10.10.10.55.
        6. Save the policy and connect to OpenVPN Server on pfsense with Hagrid user. IP 10.10.10.55 must be assigned.

        I do not claim that it is a valid and good to follow solution. Just sharing my ongoing experience.
        My end goal is assigning pools to different groups of users and then manage access for them in pfsense firewall. For example group admins - pool 10.10.10.10-20. This pool is added to alias in pfsense firewall and rules afterwards for this alias.

        This is quite typical task, I think. So, maybe there are another posts with much better explanations.

        I also used this article https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/client-parameters-radius.html, which gave me an idea to add mask as an additional attribute and made it work eventually.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post