Netgate Discussion Forum

    Firewall rules for every OpenVPN client, is the IP address fixed?

    • horshack

      All my OpenVPN clients get a virtual IP address for my internal net. Here on my site for the connected open-vpn-pc-road1: 192.168.10.123. I can see these addresses with https://10.17.1.254/status_openvpn.php

      When I want to create firewall rules I do this:

      • define an alias for the open-vpn-pc-road1 = 192.168.10.123
      • go to https://10.17.1.254/firewall_rules.php?if=openvpn and create rules

      I wonder whether the IP addresses the clients get are always the same. If they changed next week, all my firewall rules would get mixed up.

      Or could I create firewall rules with the OpenVPN common name as source?

      • dotdash

        You normally go to VPN, OpenVPN, client specific overrides and define your clients, then add rules based on the assigned IP under the CSO.

        • horshack @dotdash

          @dotdash
          Thank you for this helpful hint.

          I did this:

          VPN - OpenVPN - Client Specific Overrides - Add

          • common name: xxx
          • IPv4 Tunnel network: 192.168.10.200/24 (network 192.168.10.x is the ipv4-tunnel I also use for my other "normal" users without fixed ip address)
          • IPv6-Tunnel network: fd73:123:456:2::200/64 (network fd73:123:456:2 is the ipv6-tunnel I also use for my other "normal" users without fixed ip address)

          Now I can create firewall rules (Firewall/Aliases/Edit) specific for my clients.

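A pre-flight check for the client specific overrides described in this thread, as an added example (not part of the original posts and not pfSense code): it confirms that each fixed address lies inside the tunnel network, is not a reserved address, and is not given to two common names, then returns the per-client addresses to put into a firewall alias. The common names and the two failing entries are constructed, and the check assumes the server itself holds the first host address of each tunnel network.

```python
import ipaddress

# Tunnel networks as used in the thread. The override list is constructed:
# road1 mirrors the last post, road2 and road3 are invented failure cases.
TUNNEL_V4 = ipaddress.ip_network("192.168.10.0/24")
TUNNEL_V6 = ipaddress.ip_network("fd73:123:456:2::/64")
OVERRIDES = [  # (common name, IPv4 Tunnel Network, IPv6 Tunnel Network)
    ("road1", "192.168.10.200/24", "fd73:123:456:2::200/64"),
    ("road2", "192.168.10.200/24", "fd73:123:456:2::201/64"),  # duplicate IPv4
    ("road3", "192.168.11.202/24", "fd73:123:456:2::202/64"),  # wrong subnet
]

def check_overrides(overrides, tunnel_v4, tunnel_v6):
    """Return (aliases, problems) for a list of client specific overrides."""
    aliases, problems, owner = {}, [], {}
    for cn, v4, v6 in overrides:
        addrs, ok = [], True
        for text, tunnel in ((v4, tunnel_v4), (v6, tunnel_v6)):
            ip = ipaddress.ip_interface(text).ip
            # Assumption: the server occupies the first host address.
            reserved = {tunnel.network_address, tunnel.broadcast_address,
                        next(tunnel.hosts())}
            if ip not in tunnel:
                problems.append(f"{cn}: {ip} is outside tunnel network {tunnel}")
                ok = False
            elif ip in reserved:
                problems.append(f"{cn}: {ip} is reserved in {tunnel}")
                ok = False
            elif ip in owner:
                problems.append(f"{cn}: {ip} already assigned to {owner[ip]}")
                ok = False
            else:
                owner[ip] = cn
                addrs.append(str(ip))
        if ok:
            # Only clients with a clean, unique assignment get an alias,
            # so no rule is keyed to an address another client could hold.
            aliases[cn] = addrs
    return aliases, problems

if __name__ == "__main__":
    aliases, problems = check_overrides(OVERRIDES, TUNNEL_V4, TUNNEL_V6)
    for cn, addrs in aliases.items():
        print(f"alias {cn}: {', '.join(addrs)}")
    for line in problems:
        print("PROBLEM", line)
```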
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.