Static IP address asignment for IPSec mobile clients

baltazar_gabka

Is it possible to assign static IP address to specific client in FreeRADIUS for IPSec Mobile clients?

I tried "Framed-IP-Address = 10.0.0.100" however that does not work.

"testuser" Auth-Type = googleauth

	MOTP-Init-Secret = XXXXXXXXXXXXXXXX,
	MOTP-PIN = XXXXXX,
	MOTP-Offset = 0,
	Framed-IP-Address = 10.0.0.100

jimp

Yes but at the moment you can only do that if you:

1. Empty out the mobile client subnet entered in the Virtual Address Pool box (VPN > IPsec, Mobile tab)
2. Assign a static IP address to every user

We're working on a way to have it prefer radius and fail back to a local pool if needed, see https://redmine.pfsense.org/issues/8160

NogBadTheBad

The following works for me after doing step 1

"test-user" Cleartext-Password := "XXXXXXXXXXXXXXX", Simultaneous-Use := "1", Expiration := "Jan 01 2020", NAS-Identifier == strongSwan

Framed-IP-Address = 172.16.9.254,
Framed-IP-Netmask = 255.255.255.0,
Framed-Route = "0.0.0.0/0 172.16.0.1 1",

Remember the Simultaneous-Use := "1" if your giving them a fixed IP.

https://forum.pfsense.org/index.php?topic=130715.0