Topic: another OpenVPN Clients Static IP Post (Read 1074 times)
Exzellius (Newbie, Posts: 2, Karma: 0), on: November 04, 2023, 09:29:18 pm
Hey guys,
yes, yes I know ... I read all the posts about making it possible for OpenVPN clients to have a static IP so you can filter them in the firewall, but none of the solutions listed work in my environment.
So I decided to open another post with my setup to check if I am missing something obvious, bear with me please.
Config:
- OPNsense with Public WAN IP Address
- OpenVPN Server on non-default port
- can connect to OpenVPN Server without issue and get assigned an IP address from the setting "IPv4 Tunnel Network"
- relevant settings (I believe):
  - IPv4 Tunnel Network: 10.0.0.0/24
  - Dynamic IP: NOT checked
  - Topology: NOT checked
  - Use common name: checked
- currently no Client Specific Overrides, but tried with them too
What I tried:
I tried Client Specific Overrides with IPv4 Tunnel Network set to 10.0.0.100/32 and 10.0.0.100/24, neither worked and I still got assigned my old IP address on my client.
I tried configuring a client (do I need this?) with IPv4 Tunnel Network set to 10.0.0.100/32 and 10.0.0.100/24, neither worked and I still got assigned my old IP address on my client.
Also tried both of the above with Topology checked in the server configuration.
Any pointers on what I have to configure to get this going?
Any help is greatly appreciated.
Best regards,
Ex

bartjsmit (Hero Member, Posts: 2014, Karma: 194), Reply #1 on: November 05, 2023, 09:49:22 am
If you want to apply different security policies for different clients, you should enforce separation on your firewall, rather than rely on the clients to play nice.
Set up separate OpenVPN servers for each group of users with different ports and apply your firewall rules on them.
Bart...

Exzellius (Newbie, Posts: 2, Karma: 0), Reply #2 on: November 05, 2023, 05:52:47 pm
Hey Bart,
appreciate the response.
In that case, I would also need the setting "Enforce local group" in the server config, right?
Else a user could simply switch the port and bypass my rules.
Best regards,
Ex

bartjsmit (Hero Member, Posts: 2014, Karma: 194), Reply #3 on: November 06, 2023, 09:38:59 am
If you configure your OpenVPN servers with their own (different) static key, then clients can change their port, but they would not get connected.
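
One way to check the separation described in the replies above (one OpenVPN server per user group, different ports, each with its own static key), as an added example that is not part of the thread and not OPNsense code. The two config snippets, their ports, the second tunnel network and the key paths are constructed; `parse` and `audit` are hypothetical helper names.

```python
import ipaddress
from itertools import combinations

# Constructed sample configs (not from the thread): one server per user group.
# Directive names are standard OpenVPN; ports, networks and key paths are made up.
STAFF = """
port 11941
server 10.0.0.0 255.255.255.0
tls-crypt /conf/staff-ta.key
"""
VENDORS = """
port 11942
server 10.0.1.0 255.255.255.0
tls-crypt /conf/vendors-ta.key
"""

def parse(conf):
    """Extract port, tunnel network and static key path from config text."""
    out = {}
    for line in conf.splitlines():
        parts = line.split("#")[0].split()
        if not parts:
            continue
        if parts[0] == "port":
            out["port"] = int(parts[1])
        elif parts[0] == "server":
            out["net"] = ipaddress.ip_network(f"{parts[1]}/{parts[2]}")
        elif parts[0] in ("tls-auth", "tls-crypt"):
            out["key"] = parts[1]
    return out

def audit(servers):
    """Return a finding for each pair of servers that is not cleanly separated.
    Assumes every config has a 'server' line; keys are compared by path only."""
    findings = []
    parsed = {name: parse(conf) for name, conf in servers.items()}
    for (a, x), (b, y) in combinations(parsed.items(), 2):
        if x.get("port") == y.get("port"):
            findings.append(f"{a}/{b}: same port")
        if x["net"].overlaps(y["net"]):
            findings.append(f"{a}/{b}: tunnel networks overlap, rules cannot tell groups apart")
        if not x.get("key") or not y.get("key") or x["key"] == y["key"]:
            findings.append(f"{a}/{b}: static key missing or shared, clients can switch servers")
    return findings

if __name__ == "__main__":
    print(audit({"staff": STAFF, "vendors": VENDORS}) or "servers are separated")
```

Because firewall rules are applied per server and match on the tunnel network, overlapping networks or a shared key are the two conditions that would let a client from one group land under another group's rules.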