Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Fixed IP's on OpenVPN

    Scheduled Pinned Locked Moved OpenVPN
    5 Posts 3 Posters 7.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      SourceFinder
      last edited by

      I'm just a beginner on OpenVPN, so I hope my question isn't very dumb:

      I've set up an easy OpenVPN connection with the pfsense and added 5 clients. I noticed by testing each client they received different remote IP's and different server IP's. So I can image OPenVPN uses an unique server- and remote IP for every connection. How can I use fixed IP's for every client?

      Thanks for your reactions

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG
        GruensFroeschli
        last edited by

        Take a look at the "client specific configuration"

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • S
          SourceFinder
          last edited by

          Hi GruensFroeschli,

          Thanks for your reaction. But I'm just a beginner on OpenVPN.

          I've searched the pfsense forum and on openvpn, but I couldn't find the correct rules to get this right. I'm using the standard UDP protocol for the connection. What rule(s) do I have to add to the client configuration or to the pfsense? My client setup is as follows:

          client
          dev tun
          proto udp
          remote xx.xx.xx.xx 1194

          #resolv-retry infinite

          Most clients don't need to bind to

          a specific local port number.

          #nobind

          persist-key
          persist-tun

          #mute-replay-warnings
          ca ca.crt
          cert client01.crt
          key client01.key

          #ns-cert-type server

          If a tls-auth key is used on the server

          then every client must also have the key.

          #tls-auth ta.key 1

          Select a cryptographic cipher.

          If the cipher option is used on the server

          then you must also specify it here.

          #cipher x

          comp-lzo
          verb 3

          Silence repeating messages

          #mute 20

          1 Reply Last reply Reply Quote 0
          • V
            Valhalla1
            last edited by

            you use the client-config-dir ccd directive in your server config, and create unique config files for each client in the ccd directory which contain the ip's you want static for each client (and the corresponding static server ip openvpn will use)

            so like you'd have /usr/local/etc/openvpn/ccd/  (or wherever pfsense stores it)  and have files in there for each client like client1 might say

            ifconfig-push 10.8.1.1 10.8.1.2

            client2's file :

            ifconfig-push 10.8.1.5 10.8.1.6

            http://openvpn.net/howto.html#policy

            1 Reply Last reply Reply Quote 0
            • GruensFroeschliG
              GruensFroeschli
              last edited by

              What Valhalla1 said :)

              If you set up OpenVPN yourself you would have to write these files yourself.
              But on pfSense they will get created automatically if you just create a client specific configuration on the respective tab in the GUI.

              We do what we must, because we can.

              Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.