Netgate Discussion Forum

    Firewall rules for every OpenVPN client, is IP address fixed?

    • horshack

      All my OpenVPN clients get a virtual IP address for my internal net. Here on my site for the connected open-vpn-pc-road1: 192.168.10.123. I can see these addresses with https://10.17.1.254/status_openvpn.php

      When I want to create firewall rules I do this:

      • define an alias for the open-vpn-pc-road1 = 192.168.10.123
      • go to https://10.17.1.254/firewall_rules.php?if=openvpn and create rules

      I wonder whether the IP addresses the clients get are always the same? If they changed next week, all my firewall rules would get mixed up.

      Or could I create firewall rules with the OpenVPN common name as source?

      • dotdash

        You normally go to VPN, OpenVPN, client specific overrides and define your clients, then add rules based on the assigned IP under the CSO.

        • horshack @dotdash

          @dotdash
          Thank you for this helpful hint.

          I did this:

          VPN - OpenVPN - Client Specific Overrides - add

          • common name: xxx
          • IPv4 Tunnel network: 192.168.10.200/24 (network 192.168.10.x is the ipv4-tunnel I also use for my other "normal" users without fixed ip address)
          • IPv6-Tunnel network: fd73:123:456:2::200/64 (network fd73:123:456:2 is the ipv6-tunnel I also use for my other "normal" users without fixed ip address)

          Now I can create firewall rules (Firewall/Aliases/Edit) specific for my clients.

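Added example, not part of the thread and not pfSense code: a small Python check that every address used as a firewall alias source is actually pinned by an override, and that no two common names share a pin. The common names road2 to road4 and the alias vpn-road2 are constructed; the addresses come from the posts above.

```python
import ipaddress

def audit_overrides(tunnel_cidr, overrides):
    """Validate (common_name, "address/prefix") pins for one tunnel network.

    Returns (pinned, problems): pinned maps common name -> address for
    entries that are safe to reference from a firewall alias.
    """
    tunnel = ipaddress.ip_network(tunnel_cidr)
    pinned, owner, problems = {}, {}, []
    for cn, value in overrides:
        try:
            iface = ipaddress.ip_interface(value)
        except ValueError:
            problems.append(f"{cn}: {value!r} is not an address/prefix")
            continue
        addr = iface.ip
        reserved = {tunnel.network_address}
        if tunnel.version == 4:
            reserved.add(tunnel.broadcast_address)
        if iface.network != tunnel:
            problems.append(f"{cn}: {value} is outside tunnel network {tunnel}")
        elif addr in reserved:
            problems.append(f"{cn}: {addr} is a reserved address in {tunnel}")
        elif addr in owner:
            problems.append(f"{cn}: {addr} is already pinned to {owner[addr]}")
        elif cn in pinned:
            problems.append(f"{cn}: second override for the same common name")
        else:
            owner[addr], pinned[cn] = cn, addr
    return pinned, problems

def unbacked_aliases(aliases, pinned):
    """Names of firewall aliases whose address is not pinned by any override."""
    fixed = set(pinned.values())
    return sorted(n for n, ip in aliases.items()
                  if ipaddress.ip_address(ip) not in fixed)

if __name__ == "__main__":
    # Constructed sample data; common names road2..road4 are hypothetical.
    overrides = [("road2", "192.168.10.200/24"),
                 ("road3", "192.168.10.200/24"),   # duplicate address
                 ("road4", "192.168.11.5/24")]     # wrong network
    aliases = {"open-vpn-pc-road1": "192.168.10.123",  # dynamic address
               "vpn-road2": "192.168.10.200"}
    pinned, problems = audit_overrides("192.168.10.0/24", overrides)
    print(pinned, problems, unbacked_aliases(aliases, pinned), sep="\n")
```

An alias reported by `unbacked_aliases` points at an address that no override ties to a common name, so a rule using it as source is not bound to one client.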
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.