OpenVPN remote client - assign static address?



  • Greetings all,

    Hopefully this is not covered somewhere else, but how can I assign a specific IP address to an OpenVPN client?  I am running pfSense 2.0 Beta (built on Mon Jul 4th, 2011).  I have +20 remote users and need to assign some users static addresses.

    I did not see a setting in the "Client Override" tab that allows for static addresses per user.

    Any hints?



  • rkelleyrtp, I don't think you can.  If your intent to assign a specific ip so can you filter what the remote users can access based on their ip then their might be a work around.  You can carve out a /30 from the /24 or /23 for clients and usually in most cases, the 3rd address from the /30 is the remote user's address.  I haven't done it but in theory, that should work.  Let me know, I am curious.



  • Hi,

    this can easily be done. The key is "Client Specific Override".

    For example you are using this as OpenVPN tunnel Network in OpenVPN Server tab:
    10.0.1.0/24
    It is necessary to know, that OpenVPN is ALWAYS using a /30 subnet for every connection.

    So the first client will always get the following IP-structure:
    10.0.1.4/30 (net-address)
    10.0.1.5/30 (server address)
    10.0.1.6/30 (client address)
    10.0.1.7/30 (broadcast-address)

    If you want that a client always gets IP address 10.0.1.18 than you have to go to Client Specific override:
    There you enter the CN of the certificate of the client and then just enter the /30 subnet, in this case: 10.0.1.16/30

    Thats all. Then the client with this CN/Cert will alwys get the same IP address.

    PS: a /24 subnet will allow you a maximum nuber of 63 OpenVPN clients.



  • Thanks for the info!  I am going to give this a try later today and report back.



  • But please chose an actual snapshot from august because there were some bugfixes relating OpenVPN Client Specific Override



  • Nachtfalke, thank you for explaining this!


Locked