Fixed IP's on OpenVPN



  • I'm just a beginner on OpenVPN, so I hope my question isn't very dumb:

    I've set up an easy OpenVPN connection with the pfsense and added 5 clients. I noticed by testing each client they received different remote IP's and different server IP's. So I can image OPenVPN uses an unique server- and remote IP for every connection. How can I use fixed IP's for every client?

    Thanks for your reactions



  • Take a look at the "client specific configuration"



  • Hi GruensFroeschli,

    Thanks for your reaction. But I'm just a beginner on OpenVPN.

    I've searched the pfsense forum and on openvpn, but I couldn't find the correct rules to get this right. I'm using the standard UDP protocol for the connection. What rule(s) do I have to add to the client configuration or to the pfsense? My client setup is as follows:

    client
    dev tun
    proto udp
    remote xx.xx.xx.xx 1194

    #resolv-retry infinite

    Most clients don't need to bind to

    a specific local port number.

    #nobind

    persist-key
    persist-tun

    #mute-replay-warnings
    ca ca.crt
    cert client01.crt
    key client01.key

    #ns-cert-type server

    If a tls-auth key is used on the server

    then every client must also have the key.

    #tls-auth ta.key 1

    Select a cryptographic cipher.

    If the cipher option is used on the server

    then you must also specify it here.

    #cipher x

    comp-lzo
    verb 3

    Silence repeating messages

    #mute 20



  • you use the client-config-dir ccd directive in your server config, and create unique config files for each client in the ccd directory which contain the ip's you want static for each client (and the corresponding static server ip openvpn will use)

    so like you'd have /usr/local/etc/openvpn/ccd/  (or wherever pfsense stores it)  and have files in there for each client like client1 might say

    ifconfig-push 10.8.1.1 10.8.1.2

    client2's file :

    ifconfig-push 10.8.1.5 10.8.1.6

    http://openvpn.net/howto.html#policy



  • What Valhalla1 said :)

    If you set up OpenVPN yourself you would have to write these files yourself.
    But on pfSense they will get created automatically if you just create a client specific configuration on the respective tab in the GUI.


Log in to reply