OpenVPN remote client - assign static address?

  • Greetings all,

    Hopefully this is not covered somewhere else, but how can I assign a specific IP address to an OpenVPN client?  I am running pfSense 2.0 Beta (built on Mon Jul 4th, 2011).  I have +20 remote users and need to assign some users static addresses.

    I did not see a setting in the "Client Override" tab that allows for static addresses per user.

    Any hints?

  • rkelleyrtp, I don't think you can.  If your intent to assign a specific ip so can you filter what the remote users can access based on their ip then their might be a work around.  You can carve out a /30 from the /24 or /23 for clients and usually in most cases, the 3rd address from the /30 is the remote user's address.  I haven't done it but in theory, that should work.  Let me know, I am curious.

  • Hi,

    this can easily be done. The key is "Client Specific Override".

    For example you are using this as OpenVPN tunnel Network in OpenVPN Server tab:
    It is necessary to know, that OpenVPN is ALWAYS using a /30 subnet for every connection.

    So the first client will always get the following IP-structure: (net-address) (server address) (client address) (broadcast-address)

    If you want that a client always gets IP address than you have to go to Client Specific override:
    There you enter the CN of the certificate of the client and then just enter the /30 subnet, in this case:

    Thats all. Then the client with this CN/Cert will alwys get the same IP address.

    PS: a /24 subnet will allow you a maximum nuber of 63 OpenVPN clients.

  • Thanks for the info!  I am going to give this a try later today and report back.

  • But please chose an actual snapshot from august because there were some bugfixes relating OpenVPN Client Specific Override

  • Nachtfalke, thank you for explaining this!

Log in to reply