pfSense OpenVPN using Microsoft RADIUS server and static client IP
-
Hi
I have OpenVPN set up and it's using a Windows RADIUS NPS server for authentication. Users can connect, authenticate and work, but I am unable to find a way to assign a static IP so I can have granular control over each user's access. I had earlier tested with FreeRADIUS, and there in each user profile I can manually enter a user's IP and subnet and have it passed to OpenVPN for static IP assignment using the framed IPv4 address and mask parameters.
How can I achieve a static IP with a Windows RADIUS server?
Regards. -
Hi,
I am implementing it right now and also had this question. Just made it work though. Here is my example with Windows Server 2022 Standard:
- Open Network Policy Server.
- Create a new network policy in NPS. Give it a name, for example hagrid-static-ip.
- Add a condition. I did not find a possibility to add a specific user, only a group. So, added a group with one user Hagrid just for a test.
- On the Settings tab go to RADIUS Attributes => Standard. Add an attribute "Framed-IP-Netmask". My OpenVPN network is 10.10.10.0/24, so I put the 255.255.255.0 mask there.
- On the same Settings tab go to IP Settings. Choose "Assign a static IPv4 address" there. Put an address, for example 10.10.10.55.
- Save the policy and connect to OpenVPN Server on pfsense with Hagrid user. IP 10.10.10.55 must be assigned.
I do not claim that it is a valid and good solution to follow. Just sharing my ongoing experience.
My end goal is assigning pools to different groups of users and then managing access for them in the pfSense firewall. For example, group admins - pool 10.10.10.10-20. This pool is added to an alias in the pfSense firewall, and rules are created afterwards for this alias. This is quite a typical task, I think. So, maybe there are other posts with much better explanations.
I also used this article https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/client-parameters-radius.html, which gave me an idea to add mask as an additional attribute and made it work eventually.
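An added example, not part of the thread: one way to confirm that the NPS reply really carries both attributes discussed above is to parse the Access-Accept and check Framed-IP-Address and Framed-IP-Netmask against the tunnel network. The attribute and packet-code numbers are from RFC 2865; the function names are hypothetical, the sample packet is constructed, and requiring the mask to equal the tunnel netmask is an assumption that follows the 10.10.10.0/24 setup in the post.

```python
import ipaddress
import struct

ACCESS_ACCEPT = 2        # RADIUS packet code (RFC 2865)
FRAMED_IP_ADDRESS = 8    # RADIUS attribute types (RFC 2865)
FRAMED_IP_NETMASK = 9

def parse_attributes(packet):
    """Return (code, {attribute type: [raw values]}) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not fit the packet")
    attrs, pos = {}, 20  # attributes start after code, id, length, authenticator
    while pos < length:
        # Each attribute is type (1 byte), length (1 byte, header included), value.
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of range")
        attrs.setdefault(packet[pos], []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return code, attrs

def check_static_ip(packet, tunnel):
    """Return a list of problems; an empty list means the reply fits the tunnel."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        return ["packet code %d is not Access-Accept" % code]
    net, problems = ipaddress.ip_network(tunnel), []
    addr = [v for v in attrs.get(FRAMED_IP_ADDRESS, []) if len(v) == 4]
    mask = [v for v in attrs.get(FRAMED_IP_NETMASK, []) if len(v) == 4]
    ip = ipaddress.ip_address(addr[0]) if addr else None
    if ip is None:
        problems.append("no Framed-IP-Address")
    elif ip not in net or ip in (net.network_address, net.broadcast_address):
        problems.append("Framed-IP-Address is not a host address in " + tunnel)
    if not mask:
        problems.append("no Framed-IP-Netmask")
    elif ipaddress.ip_address(mask[0]) != net.netmask:
        problems.append("Framed-IP-Netmask differs from the tunnel netmask")
    return problems

def sample_accept(ip=None, mask=None):
    """Constructed Access-Accept with a zeroed authenticator, not a real capture."""
    body = b""
    for a_type, value in ((FRAMED_IP_ADDRESS, ip), (FRAMED_IP_NETMASK, mask)):
        if value:
            body += bytes([a_type, 6]) + ipaddress.ip_address(value).packed
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body
```

To run it on a real reply, pass the UDP payload of the Access-Accept from a capture taken between pfSense and NPS to `check_static_ip` together with the tunnel network.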