OpeVPN DHCP

Yariel

Hi,

we have installed fpSense 2.6.0. We would like to set static IPs for the devices in a VPN. We are wondering:

• is it possible to get those static IPs?

• if it is possible, would there be any bad consequences when connecting all devices to the VPN in the same time?

There would be a total of 254 devices connecting in the same time to the openVPN.

These are the properties of our pfSense:

Thanks.

viragomann

@Yariel said in OpeVPN DHCP:

we have installed fpSense 2.6.0. We would like to set static IPs for the devices in a VPN. We are wondering:

is it possible to get those static IPs?

You would have to create a Client Specific Overrides for each user, where you can state an IP out of the tunnel network.

This has nothing to do with DHCP. OpenVPN manages client IP itself.

if it is possible, would there be any bad consequences when connecting all devices to the VPN in the same time?

There would be a total of 254 devices connecting in the same time to the openVPN.

These are the properties of our pfSense:

This rather depends your hardware memory and on the throughput, you strive to get on all VPNs.
Remember that each connection consumes a small amount of memory, and the encryption and decryption of the traffic generates CPU load. But your CPU should conquer this.

At first you should enable hardware acceleration.
To do so, go to System > Advanced > Miscellaneous > Cryptographic Hardware and select AES-NI acceleration and save the settings.
The system needs to be rebooted after.

Then in the OpenVPN settings, select an AES-GCM as preferred cipher.

However, I'm wondering why you need a static IP for all 254 users?

Gertjan

@Yariel

@viragomann said in OpeVPN DHCP:

However, I'm wondering why ...

There is another potential issue : 2.6.0 is a rather ancient version of pfSense with an very old OpenVPN version.

If the/your openvpn client users on their side 'upgrade' the OpenVPN Connect client software (can you blame them , They probably want the latest version to be as safe as possible) then you'll be using the old OpenVPN server and they are using the recent OpenVPN client. That will go wrong ....
Or would you say : for 'reasons', you (the openvpn client) shouldn't update and upgrade ....

My point of view : as security becomes really important as soon as functionality as VPN is in use, one would want to use the most up to date version of everything, as this concerns security of all the connected networks.

edit : and I know/remember : when 2.6.0 came out, people stayed with 2.5.2 as it was 'better' or something like that (more stable, etc) - they just do not what to admit that they didn't (want to see) saw the upgrade button.

I'm using "2.7.2" right now. OpenVPN server on pfSEnse, and me using a OpenVPN client, works just fine.

Yariel

@Gertjan @viragomann Thanks for your answer. I recently updated my pfSense to version 2.7.0 and managed to successfully load all the networking settings. However, I am facing an issue with the web interface as it just goes blank when I try to load it. Could you provide me with any suggestions to fix this issue please?

viragomann

@Yariel
Try to clear the browser cache or another browser.

Yariel

@viragomann I already did it and the same

viragomann

@Yariel
Possibly there went something wrong. This could happen if you do not remove packages before running the upgrade.

Anyway, reinstall the system and restore the backup then.
pfSense will install all packages automatically again and you're up again within a view minutes.

Yariel

This post is deleted!

Yariel

@viragomann @Gertjan I was finally able to reinstall the system and be able to access the web interface. But I still can't put static IPs on my openvpn clients

viragomann

@Yariel said in OpeVPN DHCP:

But I still can't put static IPs on my openvpn clients

We told you, how to do this, in our first posts.

the other

@Yariel hey there,
just put (as mentioned above) your client with the IP you want for it in the Client Specific Override Tab: