Client-specific configuration, static IP



  • I have a pfSense box with approximate 50 VPN users, and have set up static IP for some users using the "Client-specific configuration -> Interface IP". The clients gets the defined IPs and everything is working as expected.

    The question is related to all the other VPN clients:
    When a "Client-specific configuration" is set up to specify a static IP for one client, is it possible that another client may get the same static IP, or is it reserved? I wonder if it's sufficient to just define the clients I want with a static IPs, or if I have to set up static IPs for all clients to avoid IP conflicts?

    Best regards
    Jørgen


  • Rebel Alliance Developer Netgate

    A few simple tests could confirm this behavior, but I'm not sure offhand.

    I haven't tried this myself, but you could require having a CSC entry, and use the directive

    ccd-exclusive;
    

    In the custom options to enforce the requirement that a client exists on the CSC tab before they can connect.

    The OpenVPN man page doesn't really clarify whether or not the ifconfig-push directives for the CSC entries are taken into account during general pool assignment.


Locked