Netgate Discussion Forum

    OpenVPN remote client - assign static address?

      rkelleyrtp

      Greetings all,

      Hopefully this is not covered somewhere else, but how can I assign a specific IP address to an OpenVPN client?  I am running pfSense 2.0 Beta (built on Mon Jul 4th, 2011).  I have +20 remote users and need to assign some users static addresses.

      I did not see a setting in the "Client Override" tab that allows for static addresses per user.

      Any hints?

        probie

        rkelleyrtp, I don't think you can.  If your intent is to assign a specific IP so you can filter what the remote users can access based on their IP, then there might be a workaround.  You can carve out a /30 from the /24 or /23 for clients and usually, in most cases, the 3rd address from the /30 is the remote user's address.  I haven't done it, but in theory that should work.  Let me know, I am curious.

          Nachtfalke

          Hi,

          this can easily be done. The key is "Client Specific Override".

          For example, you are using this as the OpenVPN tunnel network in the OpenVPN Server tab:
          10.0.1.0/24
          It is necessary to know that OpenVPN is ALWAYS using a /30 subnet for every connection.

          So the first client will always get the following IP-structure:
          10.0.1.4/30 (net-address)
          10.0.1.5/30 (server address)
          10.0.1.6/30 (client address)
          10.0.1.7/30 (broadcast-address)

          If you want a client to always get IP address 10.0.1.18, then you have to go to Client Specific Override:
          There you enter the CN of the client's certificate and then just enter the /30 subnet, in this case: 10.0.1.16/30

          That's all. Then the client with this CN/cert will always get the same IP address.

          PS: a /24 subnet will allow you a maximum number of 63 OpenVPN clients.

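The /30 arithmetic from the reply above, as an added example that is not part of any poster's reply or of pfSense: given the address a client should always receive, it returns the /30 to enter in Client Specific Override and rejects addresses that are not a client slot. It assumes the /30 layout listed in the post (network, server, client, broadcast) and that the first /30 of the tunnel network belongs to the server itself, which matches the first client landing in 10.0.1.4/30 and the 63-client figure; the CNs in the sample are hypothetical.

```python
import ipaddress


def override_subnet(tunnel_network, client_ip):
    """Return the /30 to enter in Client Specific Override for client_ip."""
    tunnel = ipaddress.ip_network(tunnel_network)
    client = ipaddress.ip_address(client_ip)
    if client not in tunnel:
        raise ValueError(f"{client} is outside tunnel network {tunnel}")
    # strict=False masks the host bits, e.g. 10.0.1.18/30 -> 10.0.1.16/30
    block = ipaddress.ip_network(f"{client}/30", strict=False)
    # Slots in each /30 as listed in the post: [0] net, [1] server, [2] client, [3] broadcast
    if client != block[2]:
        raise ValueError(f"{client} is not the client slot of {block}; use {block[2]}")
    # Assumption: the first /30 is the server's own, so no client can be pinned there
    if block.network_address == tunnel.network_address:
        raise ValueError(f"{block} is the server's own block")
    return block


def max_clients(tunnel_network):
    """Number of /30 blocks left for clients once the server's block is taken."""
    return ipaddress.ip_network(tunnel_network).num_addresses // 4 - 1


def plan_overrides(tunnel_network, wanted):
    """Map certificate CN -> /30 string, refusing two CNs on the same block."""
    plan, owner = {}, {}
    for cn, ip in wanted.items():
        block = override_subnet(tunnel_network, ip)
        if block in owner:
            raise ValueError(f"{cn} and {owner[block]} both map to {block}")
        owner[block] = cn
        plan[cn] = str(block)
    return plan


if __name__ == "__main__":
    # Constructed sample input: hypothetical CNs and the addresses they should get
    wanted = {"alice": "10.0.1.18", "bob": "10.0.1.22"}
    for cn, block in plan_overrides("10.0.1.0/24", wanted).items():
        print(f"{cn}: enter {block} in Client Specific Override")
    print("client blocks available:", max_clients("10.0.1.0/24"))
```

Running the planner before writing firewall rules keyed on these addresses catches a duplicate or mis-slotted address before two certificates end up behind the same rule.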
            rkelleyrtp

            Thanks for the info!  I am going to give this a try later today and report back.

              Nachtfalke

              But please choose an actual snapshot from August, because there were some bug fixes relating to OpenVPN Client Specific Override.

                bretticus

                Nachtfalke, thank you for explaining this!
