Static IP's
-
Simple question. Hopefully has a simple question like a line in the client config or something…
Can we give remote clients static ip's?
-
I'm no expert, but I've created several instances of pfsense + OpenVPN, and it always seems to consistently give the same IP to a user. The IPs always seem to be 4 apart as well. My VPN subnet was 192.168.2.0/24, and my first defined user always got 192.168.2.6, the next got 192.168.2.10, etc. I've never seen a case where, once the IP has been assigned to a VPN user, the IP address changes.
-
This line in the log leads me to believe its possible:
MULTI: no dynamic or static remote –ifconfig address is available for<machine name=""></machine>
-
I may be onto something
http://michlstechblog.info/blog/openvpn-set-a-static-ip-address-for-a-client/
But I'm having trouble locating the openvpn config file. Where can this be found?
-
Alrite, got this figured out….almost. Using the pfsense gui it was quite easy. This is for those who are not comfortable using the command line. Those comfortable with the command line easily follow these steps as well.
1. Install File Manager package
2. Create the folder:/ect/openvpn/staticclients
3. In your openvpn instance all the way at the bottom in Advanced configuration enter
client-config-dir /etc/openvpn/staticclients
4. For each client there must be a file named after it in the aforementioned folder. No file extension.
5. In that file enter your static ip and subnet
ifconfig-push <ip><subnet>Example:
ifconfig-push 192.168.5.10 255.255.255.0
6. Connect your client.
I can connect, however, my client is complaining about not having a gateway. what is the syntax to add a gateway via ifconfig?
Fri Jan 31 15:42:47 2014 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a –route option and no default was specified by either --route-gateway or --ifconfig options</subnet></ip>
-
I thought you could do this in the webGUI with Client Specific Overrides - for each client certificate, specify the various settings you want to give that client, like the tunnel network you want it to use (inside the overall tunnel). Give a /30 to each client and the resulting client IP address is fixed.