Netgate Discussion Forum

Fixed IP's on OpenVPN

  • S
    SourceFinder
    last edited by Jun 28, 2008, 2:40 PM

    I'm just a beginner on OpenVPN, so I hope my question isn't very dumb:

    I've set up an easy OpenVPN connection with the pfSense and added 5 clients. I noticed by testing each client they received different remote IPs and different server IPs. So I can imagine OpenVPN uses a unique server and remote IP for every connection. How can I use fixed IPs for every client?

    Thanks for your reactions

    • G
      GruensFroeschli
      last edited by Jun 28, 2008, 2:42 PM

      Take a look at the "client specific configuration"

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

      • S
        SourceFinder
        last edited by Jun 28, 2008, 4:15 PM

        Hi GruensFroeschli,

        Thanks for your reaction. But I'm just a beginner on OpenVPN.

        I've searched the pfsense forum and on openvpn, but I couldn't find the correct rules to get this right. I'm using the standard UDP protocol for the connection. What rule(s) do I have to add to the client configuration or to the pfsense? My client setup is as follows:

        client
        dev tun
        proto udp
        remote xx.xx.xx.xx 1194
        #resolv-retry infinite

        # Most clients don't need to bind to
        # a specific local port number.
        #nobind

        persist-key
        persist-tun
        #mute-replay-warnings
        ca ca.crt
        cert client01.crt
        key client01.key
        #ns-cert-type server

        # If a tls-auth key is used on the server
        # then every client must also have the key.
        #tls-auth ta.key 1

        # Select a cryptographic cipher.
        # If the cipher option is used on the server
        # then you must also specify it here.
        #cipher x

        comp-lzo
        verb 3

        # Silence repeating messages
        #mute 20

        • V
          Valhalla1
          last edited by Jun 29, 2008, 7:56 AM Jun 29, 2008, 7:48 AM

          You use the client-config-dir ccd directive in your server config, and create unique config files for each client in the ccd directory which contain the IPs you want static for each client (and the corresponding static server IP OpenVPN will use).

          So you'd have /usr/local/etc/openvpn/ccd/ (or wherever pfSense stores it) and have files in there for each client. For example, client1's file might say:

          ifconfig-push 10.8.1.1 10.8.1.2

          client2's file:

          ifconfig-push 10.8.1.5 10.8.1.6

          http://openvpn.net/howto.html#policy

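A check for the per-client files described in the answer above, as an added example that is not part of the original thread: it verifies that each `ifconfig-push` pair is the two host addresses of one /30 block (as in the 10.8.1.1/10.8.1.2 and 10.8.1.5/10.8.1.6 pairs), lies inside the tunnel network, and is not reused by another client. The tunnel network `10.8.1.0/24`, the `client3`/`client4` entries and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: ccd file name (client common name) -> file contents.
SAMPLE_CCD = {
    "client1": "ifconfig-push 10.8.1.1 10.8.1.2\n",
    "client2": "ifconfig-push 10.8.1.5 10.8.1.6\n",
    "client3": "ifconfig-push 10.8.1.6 10.8.1.7\n",  # straddles two /30 blocks
    "client4": "ifconfig-push 10.9.0.1 10.9.0.2\n",  # outside the tunnel network
}

def parse_push(text):
    """Return (client_ip, server_ip) from the ifconfig-push line, or None."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) == 3 and fields[0] == "ifconfig-push":
            return (ipaddress.ip_address(fields[1]),
                    ipaddress.ip_address(fields[2]))
    return None

def check_ccd(files, tunnel_net):
    """Map each client name to a list of problems (empty list means OK)."""
    net = ipaddress.ip_network(tunnel_net)
    seen = {}    # address -> first client that claimed it
    report = {}
    for name in sorted(files):
        pair = parse_push(files[name])
        if pair is None:
            report[name] = ["no ifconfig-push line"]
            continue
        problems = []
        # The /30 block that contains the client-side address.
        block = ipaddress.ip_network(f"{pair[0]}/30", strict=False)
        if set(pair) != set(block.hosts()):
            problems.append(f"{pair[0]} and {pair[1]} are not the two hosts of one /30")
        if not all(ip in net for ip in pair):
            problems.append(f"pair is outside {net}")
        for ip in pair:
            if ip in seen:
                problems.append(f"{ip} already assigned to {seen[ip]}")
            else:
                seen[ip] = name
        report[name] = problems
    return report

if __name__ == "__main__":
    # 10.8.1.0/24 is an assumed tunnel network, not a value from the thread.
    for client, issues in check_ccd(SAMPLE_CCD, "10.8.1.0/24").items():
        print(client, "OK" if not issues else "; ".join(issues))
```

Running it against the real ccd directory only requires building the same name-to-contents mapping from the files on disk.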
          • G
            GruensFroeschli
            last edited by Jun 29, 2008, 12:11 PM

            What Valhalla1 said :)

            If you set up OpenVPN yourself you would have to write these files yourself.
            But on pfSense they will get created automatically if you just create a client specific configuration on the respective tab in the GUI.

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
