OpenVPN client static ip CSO not working

  • 2.3.1-RELEASE-p1 (amd64)
    built on Wed May 25 14:53:06 CDT 2016
    FreeBSD 10.3-RELEASE-p3

    I'm using OpenVPN with LDAP authentication.
    My network design uses two internal networks
    192.168.248.x/24 network network network for OpenVPN clients
    Connection using Windows 7 client (OpenVPN client) works fine. Client traffic is tunneled across the vpn.

    I'm trying to set a static IP for remote users based on X.509 common name to restrict network access based on source IP address.
    If I set a different network ( or on CSO to a User, connection is not working
    If I set same network on CSO connection is working, but client gets ip address and DHCP server informed to client is If I ping from OpenVPN server side to Windows client it works. I can also browse SMB resources.
    If I try to set static IP using advanced option it does not work and ip is set to windows client:

    this is my OpenVPN Windows client connection log:
    Thu Jun 16 18:13:27 2016 SIGHUP[hard,] received, process restarting
    Thu Jun 16 18:13:27 2016 OpenVPN 2.3.11 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
    Thu Jun 16 18:13:27 2016 Windows version 6.1 (Windows 7) 64bit
    Thu Jun 16 18:13:27 2016 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.09
    Thu Jun 16 18:13:29 2016 Control Channel Authentication: using 'pfSense-udp-1194-tls.key' as a OpenVPN static key file
    Thu Jun 16 18:13:29 2016 UDPv4 link local (bound): [undef]
    Thu Jun 16 18:13:29 2016 UDPv4 link remote: [AF_INET]WAN_IP_ADDRESS:1194
    Thu Jun 16 18:13:29 2016 [FQDN_ADDRESS] Peer Connection Initiated with [AF_INET]WAN_IP_ADDRESS:1194
    Thu Jun 16 18:13:31 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Thu Jun 16 18:13:31 2016 open_tun, tt->ipv6=0
    Thu Jun 16 18:13:31 2016 TAP-WIN32 device [Conexión de área local 3] opened: \.\Global{247D5993-18E4-4F2C-A5E9-F5ABF62FFF08}.tap
    Thu Jun 16 18:13:31 2016 Set TAP-Windows TUN subnet mode network/local/netmask = [SUCCEEDED]
    Thu Jun 16 18:13:31 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of on interface {247D5993-18E4-4F2C-A5E9-F5ABF62FFF08} [DHCP-serv:, lease-time: 31536000]
    Thu Jun 16 18:13:31 2016 Successful ARP Flush on interface [32] {247D5993-18E4-4F2C-A5E9-F5ABF62FFF08}
    Thu Jun 16 18:13:36 2016 Initialization Sequence Completed

    Thanks in advance.

  • Hi man!
    Same problem…dunno how 2 fix it.

  • Well, I've found how to make it work, but not in subnet mode.

    I've set OpenVPN Server config topology in net/30 mode. I've used a 10.x.x.x/16 subnet.
    Later, in CSO Tunnel Network use a /30 per user.
    10.x.x.0/30, 10.x.x.4/30…10.x.x.252/30

    Client will use the second usable address in the subnet, router uses the first usable one. I'm losing 3 addresses for every client to use, but using 10.x.x.x/16 you can define more than 16.000 remote users.

    Later, with firewall rules you can tune up user access based on their IP address.

    hope it helps.
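
The per-user /30 plan from the post above, as an added example that is not part of the original thread or of pfSense itself: it carves a pool into /30 blocks, assigns one per certificate common name (server on the first usable address, client on the second), and maps a source IP back to its user for firewall rule review. The pool `10.99.0.0/16` and the names `alice` and `bob` are constructed placeholders; `ifconfig-push` is the standard OpenVPN directive equivalent to the CSO tunnel network setting.

```python
import ipaddress

def capacity(pool):
    """Number of per-user /30 blocks that fit in the pool."""
    return ipaddress.ip_network(pool).num_addresses // 4

def allocate_net30(pool, common_names):
    """Give each certificate common name its own /30 from the pool.

    Returns {cn: (subnet, server_ip, client_ip)}: the first usable host is
    the server end, the second is the client, as the post describes.
    """
    blocks = ipaddress.ip_network(pool).subnets(new_prefix=30)
    plan = {}
    for cn in common_names:
        if cn in plan:
            raise ValueError(f"duplicate common name: {cn}")
        subnet = next(blocks, None)
        if subnet is None:
            raise ValueError(f"no free /30 left in {pool} for {cn}")
        server_ip, client_ip = subnet.hosts()
        plan[cn] = (subnet, server_ip, client_ip)
    return plan

def ifconfig_push(plan, cn):
    """Equivalent OpenVPN directive for a net30 client: local IP, then peer IP."""
    _, server_ip, client_ip = plan[cn]
    return f"ifconfig-push {client_ip} {server_ip}"

def owner_of(plan, source_ip):
    """Map a source address seen in firewall logs back to a common name."""
    ip = ipaddress.ip_address(source_ip)
    for cn, (_, _, client_ip) in plan.items():
        if ip == client_ip:
            return cn
    return None  # server-side, network or broadcast address: no user owns it

if __name__ == "__main__":
    POOL = "10.99.0.0/16"          # constructed pool, stands in for 10.x.x.x/16
    USERS = ["alice", "bob"]       # constructed common names
    plan = allocate_net30(POOL, USERS)
    print(f"{POOL} holds {capacity(POOL)} per-user /30 blocks")
    for cn, (subnet, server_ip, client_ip) in plan.items():
        print(f"{cn}: CSO tunnel network {subnet}, client {client_ip}")
        print(f"    {ifconfig_push(plan, cn)}")
```

Firewall rules that key on a user's address should match only the client IP (the second usable host); `owner_of` returns `None` for the other three addresses of each block.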

  • ok, thanx, but I decided to downgrade to version 2.2.4 (stable).
