Ensuring geting same IP for a client



  • I'm currently using remote access (SSL/TLS+User Auth) (TUN) with a cert. Is there a way to force a particular user client to always use the same IP address? My home LAN is on a 192.168.x.y/24 address system and the tunnel is on a 10.10.x.y/24. Everything is working perfect, but was curious if I could force user bob to the same IP on 10.10.x.y/24 address everytime he logs in.


  • Netgate

    Pretty sure you can do that by pushing an ifconfig command in a client-specific override.

    Can't remember the exact format.  I think the format depends on whether you're using topology subnet or topology net30.

    For net30 it's something like push "ifconfig 10.10.10.2 10.10.10.1" or something.

    Hopefully that's enough to get you going in the right direction.


  • Banned

    Unless it's already used. :P Make sure you create a big enough "pool", limit the number of connections as needed and use IPs from the end of the available range for this "static" assignment…