Is it possible to assign a static IP to OpenVPN clients authenticated by an LDAP auth server?
-
Previously I was using the local user manager and Client Specific Overrides with ifconfig-push to assign a static address to connecting remote access VPN clients. After switching to LDAP authentication, clients connect successfully but no longer get the static address. The username used by the clients to connect matches what is in the Client Specific Overrides common name field. Is it not possible to assign static addresses while using an LDAP authentication server?
-
You can authenticate OpenVPN users with RADIUS via Active Directory: https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/authenticating-openvpn-users-with-radius-via-active-directory.html
and assign them an IP address via the Framed-IP-Address RADIUS attribute: https://docs.netgate.com/pfsense/en/latest/book/openvpn/controlling-client-parameters-via-radius.html
-
OK, thank you for the info. I did configure RADIUS on our Windows 2012R2 Active Directory server and it authenticates and connects the client fine. But when I click "assign static ip address" on the "Dial-in" tab in the Active Directory user manager, the VPN client can no longer connect and gives this error:
/sbin/ip link set dev tun0 up mtu 1500
/sbin/ip addr add dev tun0 10.22.4.200/-1 broadcast 255.255.255.248
Error: any valid prefix is expected rather than "10.22.4.200/-1".
Linux ip addr add failed: external program exited with error status: 1
Exiting due to fatal error
Only when I enable "assign static ip address" something fails, otherwise it works fine. I'm not sure of any other way to assign a static IP address to a RADIUS authenticated client.
-
@sceptre357 Try to make a packet capture of the RADIUS response and check it for the network mask value.
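-
One way to do the check suggested above, as an added example that is not part of the original thread: a small parser that takes the raw UDP payload of a captured RADIUS Access-Accept and reports whether Framed-IP-Address (attribute 8) and Framed-IP-Netmask (attribute 9, RFC 2865) are present. The function names and the two sample packets are constructed for illustration; the sample address comes from the log above, and the netmask value is a constructed sample.

```python
import ipaddress
import struct

ACCESS_ACCEPT = 2
FRAMED_IP_ADDRESS = 8   # RFC 2865 section 5.8
FRAMED_IP_NETMASK = 9   # RFC 2865 section 5.9

def parse_radius(packet):
    """Return (code, {attribute type: [raw values]}) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("Length field does not match the captured payload")
    attrs, pos = {}, 20          # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        a_type, a_len = packet[pos], packet[pos + 1]
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return code, attrs

def framed_ip_settings(packet):
    """Extract Framed-IP-Address / Framed-IP-Netmask from an Access-Accept."""
    code, attrs = parse_radius(packet)
    if code != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept (code %d)" % code)
    out = {"address": None, "netmask": None, "prefix_len": None}
    for key, a_type in (("address", FRAMED_IP_ADDRESS), ("netmask", FRAMED_IP_NETMASK)):
        values = attrs.get(a_type)
        if values:
            if len(values[0]) != 4:
                raise ValueError("attribute %d is not 4 bytes" % a_type)
            out[key] = str(ipaddress.IPv4Address(values[0]))
    if out["netmask"]:
        # ipaddress rejects a non-contiguous mask with ValueError
        out["prefix_len"] = ipaddress.IPv4Network("0.0.0.0/" + out["netmask"]).prefixlen
    return out

def build_accept(attrs):
    """Constructed sample packet (zeroed authenticator), for the demo only."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body

ADDR = ipaddress.IPv4Address("10.22.4.200").packed
MASK = ipaddress.IPv4Address("255.255.255.248").packed   # constructed sample mask
ADDRESS_ONLY = build_accept([(FRAMED_IP_ADDRESS, ADDR)])
WITH_NETMASK = build_accept([(FRAMED_IP_ADDRESS, ADDR), (FRAMED_IP_NETMASK, MASK)])
```

Calling `framed_ip_settings()` on the payload bytes exported from the capture shows at a glance whether the server sent an address without a netmask.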