Firewall rules for every OpenVPN client, is the IP address fixed?
All my OpenVPN clients get a virtual IP address for my internal net. Here on my site for the connected open-vpn-pc-road1: 192.168.10.123. I can see these addresses with https://10.17.1.254/status_openvpn.php
When I want to create firewall rules I do this:
- define an alias for the open-vpn-pc-road1 = 192.168.10.123
- go to https://10.17.1.254/firewall_rules.php?if=openvpn and create rules
I wonder whether the IP addresses the clients get are always the same? If they changed next week, all my firewall rules would get mixed up.
Or could I create firewall rules with the openvpn-common-name as source?
You normally go to VPN, OpenVPN, client specific overrides and define your clients, then add rules based on the assigned IP under the CSO.
Thank you for this helpful hint.
I did this:
VPN - OpenVPN - Client Specific Overrides - Add
- common name: xxx
- IPv4 Tunnel network: 192.168.10.200/24 (network 192.168.10.x is the ipv4-tunnel I also use for my other "normal" users without fixed ip address)
- IPv6-Tunnel network: fd73:123:456:2::200/64 (network fd73:123:456:2 is the ipv6-tunnel I also use for my other "normal" users without fixed ip address)
Now I can create firewall rules (Firewall/Aliases/Edit) specific for my clients.
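An added example, not part of the thread: because the firewall rules match on the tunnel IP, they are only as good as the common-name-to-IP binding, so this check reads OpenVPN's status output and reports when a pinned client holds a different address or when a pinned address is held by another client. It assumes the status text is available in the status-version 1 comma-separated layout; the sample data, the name `laptop-guest` and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of an OpenVPN status file (status-version 1 layout).
# "laptop-guest" and the real addresses are made up for this example.
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,2024-01-01 12:00:00
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
open-vpn-pc-road1,198.51.100.7:51820,10240,20480,2024-01-01 11:00:00
laptop-guest,203.0.113.9:40112,512,1024,2024-01-01 11:30:00
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
192.168.10.123,open-vpn-pc-road1,198.51.100.7:51820,2024-01-01 11:59:58
192.168.10.200,laptop-guest,203.0.113.9:40112,2024-01-01 11:59:59
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""


def routing_table(status_text):
    """Yield (virtual_address, common_name) rows of the ROUTING TABLE section."""
    in_table = False
    for line in status_text.splitlines():
        if line.startswith("ROUTING TABLE"):
            in_table = True
        elif line.startswith("GLOBAL STATS"):
            return
        elif in_table and not line.startswith("Virtual Address,"):
            fields = line.split(",")
            try:
                yield ipaddress.ip_address(fields[0]), fields[1]
            except (ValueError, IndexError):
                continue  # iroute subnets or malformed rows


def audit(status_text, pinned):
    """pinned: {common_name: fixed IPv4}. Return (finding, common_name, address)."""
    want = {cn: ipaddress.ip_address(ip) for cn, ip in pinned.items()}
    owner = {ip: cn for cn, ip in want.items()}
    findings = []
    for addr, cn in routing_table(status_text):
        if cn in want and addr.version == 4 and addr != want[cn]:
            findings.append(("wrong_ip", cn, str(addr)))  # override not applied
        if owner.get(addr, cn) != cn:
            findings.append(("ip_taken", cn, str(addr)))  # rules hit wrong client
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_STATUS, {"open-vpn-pc-road1": "192.168.10.200"}))
```

An empty result means every connected pinned client holds its fixed address and no other client holds one, which is the condition the alias-based rules rely on.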