Firewall rules for every OpenVPN client, is the IP address fixed?
-
All my OpenVPN clients get a virtual IP address for my internal net. Here on my site for the connected open-vpn-pc-road1: 192.168.10.123. I can see these addresses with https://10.17.1.254/status_openvpn.php
When I want to create firewall rules I do this:
- define an alias for the open-vpn-pc-road1 = 192.168.10.123
- go to https://10.17.1.254/firewall_rules.php?if=openvpn and create rules
I wonder whether the IP addresses the clients get are always the same? If they changed next week, all my firewall rules would get mixed up.
Or could I create firewall rules with the OpenVPN common name as source?
-
You normally go to VPN, OpenVPN, client specific overrides and define your clients, then add rules based on the assigned IP under the CSO.
-
@dotdash
Thank you for this helpful hint. I did this:
VPN - OpenVPN - Client Specific Overrides - add
- common name: xxx
- IPv4 Tunnel network: 192.168.10.200/24 (network 192.168.10.x is the ipv4-tunnel I also use for my other "normal" users without fixed ip address)
- IPv6-Tunnel network: fd73:123:456:2::200/64 (network fd73:123:456:2 is the ipv6-tunnel I also use for my other "normal" users without fixed ip address)
Now I can create firewall rules (Firewall/Aliases/Edit) specific for my clients.
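
Added example, not part of the thread: a check that the live OpenVPN routing table still matches the addresses pinned per common name, flagging a pinned client on a different address or an unpinned client holding a pinned one. It assumes a status file in the `status-version 1` layout; the common names and the sample status text are constructed, and 192.168.10.200 is the address from the post above.

```python
import ipaddress

# Expected pins: common name -> address set in its Client Specific Override.
# Names are hypothetical; 192.168.10.200 is the address used in the thread.
PINNED = {"road1": "192.168.10.200", "road2": "192.168.10.201"}
TUNNEL = ipaddress.ip_network("192.168.10.0/24")

# Constructed sample in OpenVPN "status-version 1" layout (not real data).
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,Mon Jan  6 10:00:00 2025
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
road1,203.0.113.10:51000,1000,2000,Mon Jan  6 09:00:00 2025
road2,203.0.113.11:51001,1000,2000,Mon Jan  6 09:05:00 2025
guest7,203.0.113.12:51002,1000,2000,Mon Jan  6 09:10:00 2025
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
192.168.10.200,road1,203.0.113.10:51000,Mon Jan  6 09:59:00 2025
192.168.10.2,road2,203.0.113.11:51001,Mon Jan  6 09:59:10 2025
192.168.10.201,guest7,203.0.113.12:51002,Mon Jan  6 09:59:20 2025
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""

def routing_table(status_text):
    """Yield (virtual_address, common_name) from the ROUTING TABLE section."""
    body = status_text.partition("ROUTING TABLE\n")[2].partition("GLOBAL STATS")[0]
    for line in body.splitlines()[1:]:  # first line is the column header
        fields = line.split(",")
        if len(fields) >= 4:
            yield fields[0], fields[1]

def audit(status_text, pinned=PINNED, tunnel=TUNNEL):
    """Return (kind, common_name, address) where live state contradicts the pins."""
    owner = {addr: cn for cn, addr in pinned.items()}
    findings = []
    for addr, cn in routing_table(status_text):
        try:
            in_tunnel = ipaddress.ip_address(addr) in tunnel
        except ValueError:  # routed subnets etc. are not client tunnel addresses
            in_tunnel = False
        if in_tunnel and cn in pinned and addr != pinned[cn]:
            findings.append(("drift", cn, addr))
        elif in_tunnel and cn not in pinned and addr in owner:
            findings.append(("collision", cn, addr))
    return findings
```

A non-empty result from `audit()` means a firewall alias built on a pinned address no longer describes the client it was written for.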