OpenVPN remote client - assign static address?
-
Greetings all,
Hopefully this is not covered somewhere else, but how can I assign a specific IP address to an OpenVPN client? I am running pfSense 2.0 Beta (built on Mon Jul 4th, 2011). I have +20 remote users and need to assign some users static addresses.
I did not see a setting in the "Client Override" tab that allows for static addresses per user.
Any hints?
-
rkelleyrtp, I don't think you can. If your intent to assign a specific ip so can you filter what the remote users can access based on their ip then their might be a work around. You can carve out a /30 from the /24 or /23 for clients and usually in most cases, the 3rd address from the /30 is the remote user's address. I haven't done it but in theory, that should work. Let me know, I am curious.
-
Hi,
this can easily be done. The key is "Client Specific Override".
For example you are using this as OpenVPN tunnel Network in OpenVPN Server tab:
10.0.1.0/24
It is necessary to know, that OpenVPN is ALWAYS using a /30 subnet for every connection.So the first client will always get the following IP-structure:
10.0.1.4/30 (net-address)
10.0.1.5/30 (server address)
10.0.1.6/30 (client address)
10.0.1.7/30 (broadcast-address)If you want that a client always gets IP address 10.0.1.18 than you have to go to Client Specific override:
There you enter the CN of the certificate of the client and then just enter the /30 subnet, in this case: 10.0.1.16/30Thats all. Then the client with this CN/Cert will alwys get the same IP address.
PS: a /24 subnet will allow you a maximum nuber of 63 OpenVPN clients.
-
Thanks for the info! I am going to give this a try later today and report back.
-
But please chose an actual snapshot from august because there were some bugfixes relating OpenVPN Client Specific Override
-
Nachtfalke, thank you for explaining this!