[Solved] How to configure openvpn with ip fixed?
-
Hello,
johnpoz,
I changed the IP of my VPN network to 172.16.21.0/24 as suggested, I thought that this tunnel address would not be mixed with the public IPs valid. Thanks for the tip.
Made the changes and configured in the "Client Specific Overrides" tab and restarted the OpenVPN service and still the IP gets duplicated.
What can it still be?
PS. Yes, it's my local LAN:
Are you using this locally as your lan network? "LAN: 193.89.21.0/24"
-
"restarted the OpenVPN service and still the IP gets duplicated."
What do you mean gets duplicated??
What is that a screenshot of… :1194 is not the source port of some client connecting to openvpn running on pfsense?? I find that highly unlikely... What does the widget show you for your clients like I posted..
"PS. Yes, it's my local LAN:"
Dude!!!! You can not just pick random IPs out of thin air and use them on your network... Use the IP space that has been assigned for you to use on your local networks rfc1918... That network is owned by.. Company in Denmark...
-
Hi johnpoz,
I made the changes on the internal network too, did not know that this was so restricted, but thank you for alerting me.
I changed my internal / local network to the address 192.168.21.0/24
Now follow the new settings:
Local Network: 192.168.21.0/24
VPN Network: 172.16.21.0/24
The OpenVPN settings are the same, I just switched access to my internal network for the new network.
I was hoping to solve the problem of OpenVPN Virtual IPs not being duplicated, but unfortunately it still did not work out.
I am seeing other posts but I have not got a solution yet.
-
Dude where are you seeing that they are being duplicated? As you see I can not duplicate your problem… What you posted sure did not look like the openvpn widget - not sure what you were showing exactly that you think the IP is being duplicated..
You have clientA, and clientB with different cert names, ie the CN..
If you create a client override for clientA to get IP address 1.2.3.4... It is not possible for clientB to get this same IP... Please post up your client override config and what are the CNs of your different clients that are connecting.. Post up the log of your connections from your clients or your server side..
It is not "restricted" to use whatever IP you want... But if you just pull IPs out of thin air and attempt to use them.. You're going to have issues if you're ever trying to actually go to something on the internet on those networks you're using... Such a setup screams whoever set this up has zero clue!! ;) There are millions of IPs available in the rfc1918 space, there would be zero reason to just make up some network that is public and start using that on your local networks. Technically it can be done - but it's BAD PRACTICE!!!
Do you have this checked?
"Allow multiple concurrent connections from clients using the same Common Name."
On your vpn server settings? Also if you have a lot of clients.. Then guess it could be possible to get a duplicate if you're using the low end... Use a different tunnel network for the clients you want to set static..
You don't seem to be able to set the pool directive in the options on the server.. So if you have so many clients connecting that you get a duplicate handed out because you're using your whole pool?? Make a larger remote network say /23 how many concurrent clients do you have? And use static on the high end with your override..
-
Hello johnpoz,
then they are with the same Virtual Address as shown in the print screen see that I point with the arrows.
Yes it is from pfsense with the theme dark, I changed it for easier viewing.
But now I send the print I made going under Status -> OpenVPN, where it shows the connected clients and where I see the Duplicate Virtual Address.
In one of the prints I show a configuration that I made for myself and that is with the correct parameters but still doubles.
I believe that when configuring the client for this IP the server should not assign this IP to anyone else.
What can it still be?
-
172.16.71.7/24 is not a NETWORK - that is a host address.
172.16.71.0/24 would be the /24 network
Please use a HIGHER number for your static one in the pool… with a pool of 172.16.71.1 to .254 why would you assign your static to .7 -- set it to .170 or something.. Openvpn will assign addresses on the low end of the pool.. Put the statics on the high end..
-
Hello johnpoz,
really my network is: 172.16.21.0/24
and I was putting ip address in the wrong place where the tunnel is placed. I made the correction and in the advanced part I put the IP as follows:
ifconfig-push 172.16.21.7 255.255.255.0;
so it still assigns the ip to my connection end and the other as well.
I always thought that when I put the ip in these settings that openvpn will put the ip as reserved and will not assign it to another connection.
What else caught my attention in your comment and how do you know that openvpn will assign the low ips to the dhcp and the fixed ones will last?
Is this some RFC standard?
Or simply by constructing enumerate the ips by adding more in dhcp the release is made?
Do you have any good practices in this regard?
on that I decided to use my ip for the end 77 and it seems that solved !!!
tomorrow I will put the rest of the clients to see if everything is going to work out
johnpoz, thank you for your patience and your wisdom in helping me solve this problem.
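
Added example, not part of any post in this thread: a Python sketch of the checks discussed above (a LAN or tunnel definition must be a real network in RFC 1918 space, and each `ifconfig-push` address should sit above the low end that is handed out dynamically). The function names, the client CNs and `max_dynamic_clients` are hypothetical, and the model that the server takes the first host address and dynamic clients get the next ones upward is an assumption based on the thread's description.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_network(cidr):
    """Return (network or None, problems) for a LAN or tunnel network."""
    try:
        net = ipaddress.ip_network(cidr)  # strict: rejects host bits
    except ValueError as exc:
        return None, [str(exc)]
    if not any(net.subnet_of(block) for block in RFC1918):
        return net, [f"{net} is not RFC 1918 private space"]
    return net, []


def check_overrides(tunnel_cidr, overrides, max_dynamic_clients):
    """Check {CN: 'ifconfig-push IP MASK;'} overrides against the tunnel."""
    net, problems = check_network(tunnel_cidr)
    if net is None:
        return problems
    hosts = list(net.hosts())
    # Assumed model: server = first host, dynamic leases follow upward.
    server, low_end = hosts[0], set(hosts[1:1 + max_dynamic_clients])
    owner = {}
    for cn, line in overrides.items():
        _, ip_text, mask = line.rstrip(";").split()
        ip = ipaddress.ip_address(ip_text)
        if mask != str(net.netmask):
            problems.append(f"{cn}: netmask {mask} does not match {net}")
        if ip not in hosts:
            problems.append(f"{cn}: {ip} is not a usable host in {net}")
        elif ip == server:
            problems.append(f"{cn}: {ip} is the server's own address")
        elif ip in low_end:
            problems.append(f"{cn}: {ip} is in the dynamic low end")
        if ip in owner:
            problems.append(f"{cn}: {ip} already pushed to {owner[ip]}")
        owner.setdefault(ip, cn)
    return problems


if __name__ == "__main__":
    # Constructed inputs using the addresses quoted in the thread.
    print(check_network("193.89.21.0/24")[1])
    print(check_network("172.16.71.7/24")[1])
    push = "ifconfig-push 172.16.21.{} 255.255.255.0;"
    print(check_overrides("172.16.21.0/24", {"clientA": push.format(7)}, 20))
    print(check_overrides("172.16.21.0/24", {"clientA": push.format(77)}, 20))
```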
-
Hello guys
How do I mark the topic as resolved?
-
Edit the thread subject and put [Solved] at the beginning.
Glad you finally got it worked out - as a side bonus you're no longer using public IP space that you do not own ;)
-
True, every day learning more …