Firewall rules for every Openvpn-client, is ip-adress fixed?

horshack · Aug 4, 2020, 7:25 PM

All my openvpn-clients get a virtual ip-adress for my internal net. Here on my site for the connected open-vpn-pc-road1: 192.168.10.123. I can see these addresses with https://10.17.1.254/status_openvpn.php

When I want to create a firewall rules I do this:

define an alias for the open-vpn-pc-road1 = 192.168.10.123
go to https://10.17.1.254/firewall_rules.php?if=openvpn and create rules

I wonder wether the ip-adresses the clients get are always the same? When they would change next week all my firewall rules would get mixed.

Or could I create firewall rules with the openvpn-common-name as source?

dotdash · Aug 4, 2020, 8:54 PM

You normally go to VPN, OpenVPN, client specific overrides and define your clients, then add rules based on the assigned IP under the CSO.

horshack · Aug 6, 2020, 8:43 AM

@dotdash
Thank you for this helpful hint.

I did this:

VPN - openvpn - Client Specific overriedes - add

common name: xxx
IPv4 Tunnel network: 192.168.10.200/24 (network 192.168.10.x is the ipv4-tunnel I also use for my other "normal" users without fixed ip address)
IPv6-Tunnel network: fd73:123:456:2::200/64 (network fd73:123:456:2 is the ipv6-tunnel I also use for my other "normal" users without fixed ip address)

Now I can create firewall rules (Firewall/Aliases/Edit) specific for my clients.