OpenVPN | Static IP for users
-
Dear All,
I'm trying to set a static IP for VPN users to control them through the firewall. So, I'm using Windows RADIUS and I set a static IP for the VPN users through the Active Directory then adding a policy through the Windows NPS.
At the end the connection not established and I received an error message.
Please note that pfSense VPN Subnet configuration is 10.10.185.0/24
Any Help!User properties from windows AD:
login-to-viewWindows RADIUS:
login-to-viewOpenVPN Connect Client:
-
Dear Guys,
Your help is highly appreciated
Thanks, -
I've never tried setting the address via NPS, but you could add a client-specific override for that user instead.
-
Dear All,
Please note that my problem is solved and now I can authenticate OpenVPN's users via Windows RADIUS Server and also applying static IP for each user without Client Specific Overrides.
Thanks, -
Care to share the details?
-
This is where I do it, like @dotdash says above, in VPN -> OpenVPN -> Client Specific Overrides, in the Advanced box at the bottom of the screen.
-
@akuma1x This solution has a serious problem. More details
https://forum.netgate.com/topic/157467/bug-openvpn-strict-user-cn-matching-is-not-case-sensitive?_=1602154685043 -
@mohkhalifa
You should post your findings, share with other how you solve this issue, it will benefit other users who may meet the same problem.From the error message you posted, it seems that you provide wrong netmask to the openvpn client.
-
Revisiting this topic, as I have seen some problems with assigning a static IP via client specific override. When working with usernames instead of cert names, users can bypass the cso if the username case doesn't match the cso (but the radius allows the connection). In a test, I found that specifying the IP address on the dial-in tab does work, provided you add the radius attribute 'Framed-IP-Netmask' to the network policy.
-
Dear @dotdash
That's typically what I did when faced the problem.