Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN remote client - assign static address?

    Scheduled Pinned Locked Moved OpenVPN
    6 Posts 4 Posters 10.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R Offline
      rkelleyrtp
      last edited by

      Greetings all,

      Hopefully this is not covered somewhere else, but how can I assign a specific IP address to an OpenVPN client?  I am running pfSense 2.0 Beta (built on Mon Jul 4th, 2011).  I have +20 remote users and need to assign some users static addresses.

      I did not see a setting in the "Client Override" tab that allows for static addresses per user.

      Any hints?

      1 Reply Last reply Reply Quote 0
      • P Offline
        probie
        last edited by

        rkelleyrtp, I don't think you can.  If your intent to assign a specific ip so can you filter what the remote users can access based on their ip then their might be a work around.  You can carve out a /30 from the /24 or /23 for clients and usually in most cases, the 3rd address from the /30 is the remote user's address.  I haven't done it but in theory, that should work.  Let me know, I am curious.

        1 Reply Last reply Reply Quote 0
        • N Offline
          Nachtfalke
          last edited by

          Hi,

          this can easily be done. The key is "Client Specific Override".

          For example you are using this as OpenVPN tunnel Network in OpenVPN Server tab:
          10.0.1.0/24
          It is necessary to know, that OpenVPN is ALWAYS using a /30 subnet for every connection.

          So the first client will always get the following IP-structure:
          10.0.1.4/30 (net-address)
          10.0.1.5/30 (server address)
          10.0.1.6/30 (client address)
          10.0.1.7/30 (broadcast-address)

          If you want that a client always gets IP address 10.0.1.18 than you have to go to Client Specific override:
          There you enter the CN of the certificate of the client and then just enter the /30 subnet, in this case: 10.0.1.16/30

          Thats all. Then the client with this CN/Cert will alwys get the same IP address.

          PS: a /24 subnet will allow you a maximum nuber of 63 OpenVPN clients.

          1 Reply Last reply Reply Quote 0
          • R Offline
            rkelleyrtp
            last edited by

            Thanks for the info!  I am going to give this a try later today and report back.

            1 Reply Last reply Reply Quote 0
            • N Offline
              Nachtfalke
              last edited by

              But please chose an actual snapshot from august because there were some bugfixes relating OpenVPN Client Specific Override

              1 Reply Last reply Reply Quote 0
              • B Offline
                bretticus
                last edited by

                Nachtfalke, thank you for explaining this!

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.