Settings Static IP for openvpn clients



  • I've searched the forum and read the OpenVPN capability page and searched Google, and I've found a lot of unique situations, but none that really addressed what I want to do.

    I have several OpenVPN Windows clients that connect to my pfSense firewall, but every once in a while, if the machines get turned off or there is a power outage, the machines sometimes swap IP addresses or get new ones.  I have software that backs up the machines and it looks them up via the host file, which is pointed to their IP address, so it's messing things up.

    I can't find a direct way to assign each VPN client a static IP address. In the firewall setup there is a "use static ips" option that turns DHCP off, and then I can set the "interface ip" to a "range", but that's not really static either.

    Is there a way to specify what IP a client gets? Or, if not a direct way through pfSense, possibly a workaround that anyone knows of?
    Is it possible to set the IP address in the conf file on the client computer?

    I normally set static IP addresses for the rest of the LAN using the DHCP MAC address mapping, but I haven't found that kind of functionality with the OpenVPN part.  There really is no DHCP setup or the ability to map certain MACs to static IPs.

    I guess the "interface ip range" is what's throwing me. If it's a range and I can't specify the IP address, then how is it static?
    Set up each client on their own subnet, e.g. 10.0.1.0, 10.0.2.0 etc., and hope that it always pulls the first two IP addresses from each range? Per the firewall instructions: "The first IP in the range will be used as the remote IP of the interface, and the second IP will be used as the local IP of the interface."  That's got me all kinds of confused at this point.

    What do I need to do to accomplish this?

    Thanks for any help you can give.



  • Look at the "client-specific configuration" tab.
    There you can specify the IP a client should get.



  • That's what I don't understand. If I want a static IP, why am I putting in a "range" of IPs?
    If I want a client to have 192.192.1.25, how would I specify that as a range?
    The range would be 192.192.1.0/24, but how does it know to get .25?
    Or is there something in the custom options that will accomplish this?

    Thanks for the help.



  • Set this option to push an IP to the client's interface. Expressed as a CIDR range (e.g. 10.5.0.0/16). The first IP in the range will be used as the remote IP of the interface, and the second IP will be used as the local IP of the interface.

    In a PKI setup each client connects within its own /30 subnet.
    The range you provide in the overall config defines how many such /30 subnets you can have.
    I.e., if you provide a /24 subnet for all clients, there can actually be 256/4 = 64 clients connected at one time.

    With the client-specific config you can manually define which of these /30 subnets a client will use.
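
The /30 arithmetic from the last reply, as an added example that is not part of the original thread or of pfSense: it finds the /30 range to enter in a client-specific configuration for a wanted address and rejects two clients landing in the same block. The client names and the second address are constructed, and reading the help text's "first" and "second IP" as the two usable host addresses of the /30 is an assumption.

```python
import ipaddress

def client_block(tunnel_network, wanted_ip):
    """Return the /30 of tunnel_network holding wanted_ip and its two host IPs."""
    pool = ipaddress.ip_network(tunnel_network)
    ip = ipaddress.ip_address(wanted_ip)
    if ip not in pool:
        raise ValueError(f"{ip} is outside the tunnel network {pool}")
    # strict=False masks the host bits: 192.192.1.25/30 -> 192.192.1.24/30
    block = ipaddress.ip_network(f"{ip}/30", strict=False)
    # Assumption: "first IP" / "second IP" in the help text mean these two hosts.
    first, second = block.hosts()
    if ip not in (first, second):
        raise ValueError(f"{ip} is the network or broadcast address of {block}")
    return {"range": str(block), "first_ip": str(first), "second_ip": str(second)}

def plan(tunnel_network, wanted):
    """Map client name -> /30 entry; refuse two clients in the same /30."""
    pool = ipaddress.ip_network(tunnel_network)
    capacity = pool.num_addresses // 4      # number of /30 blocks in the pool
    owners, assigned = {}, {}
    for name, ip in wanted.items():
        entry = client_block(tunnel_network, ip)
        if entry["range"] in owners:
            raise ValueError(
                f"{name} and {owners[entry['range']]} both fall in {entry['range']}")
        owners[entry["range"]] = name
        assigned[name] = entry
    return capacity, assigned

# Constructed sample: the /24 and the .25 address come from the thread,
# the client names and the .30 address are made up for illustration.
TUNNEL = "192.192.1.0/24"
CLIENTS = {"backup-pc-1": "192.192.1.25", "backup-pc-2": "192.192.1.30"}

if __name__ == "__main__":
    capacity, assigned = plan(TUNNEL, CLIENTS)
    print(f"{TUNNEL} holds {capacity} /30 blocks")
    for name, entry in assigned.items():
        print(f"{name}: range {entry['range']} "
              f"(first IP {entry['first_ip']}, second IP {entry['second_ip']})")
```
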

