Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Client Specific Override for static IPs

    OpenVPN
    1
    2
    1.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Supay
      last edited by

      Hi everyone,

      I'm sorry, I know this is a question which comes up a lot but I am so stumped.  I have had OpenVPN running absolutely perfectly for over a year now.  I had it configured so that multiple clients could connect and each had a client specific override set which assigned a specific IP to each client.  My firewall rules were set to allow me full access to my internal LAN while only allowing guests access to one specific device (a NAS) and to connect back through the WAN to the internet.  As I said, worked perfectly for 4 users and I haven't had to touch it since I set it up.

      I used the wizard to setup the VPN and this guide https://doc.pfsense.org/index.php/OpenVPN_multi_purpose_single_server#OpenVPN_Client_specific_overrides with the only difference being that I used UDP 1194 rather than TCP 443 as detailed here.  I really haven't deviated much from the basics, I'm not trying to do anything fancy, I just want to be able to assign static IPs to each client.

      However, I upgraded to 2.3.1-RELEASE-p5 and my VPN immediately stopped working.  It seems that the client specific settings simply do not work as before as it is when having them active that it breaks.  I didn't change anything between versions and I have even wiped the configs and manually re-entered them as they were originally just to make sure.  If I ignore the client specific override and just set the VPN up with a firewall rule to pass all traffic from the VPN interface, then everyone can connect and access my entire internal LAN, but their IPs assign dynamically and I cannot tune individual user access through my firewall.

      Can any please advise me as to whether something fundamental has changed to cause this?  Is that guide I linked simply out of date and useless?  Is there anywhere else I can look to get a better answer?  I have tried searching post after post but there are so many different similar issues and answers that I cannot work out what might be wrong or what might fix my issue.  I would really appreciate any assistance, I'm tearing my hair out over it.

      1 Reply Last reply Reply Quote 0
      • S
        Supay
        last edited by

        I think I may have just had one of those answered your own question after asking it moments. In following that guide and others, I was using the net30 option but I see that is deprecated now and the default is set to use a subnet topology. Looking at my settings, it seems that in the upgrade my config changed to the new default which I assume would explain it breaking. Since then I seem to have confused myself and have ended up with a net30 config but not with that option selected, so the VPN probably has no idea what is going on.

        I think I'll sleep on it and take another look in the morning, hopefully I've understood that correctly and can fix it. Please let me know if I'm still confused though, in case I'm just going down another wrong track. Thanks.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.