Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
[SOLVED] Cannot get OpenVPN fixed client IP addresses to work
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] Cannot get OpenVPN fixed client IP addresses to work (Read 509 times)
gdur
Full Member
Posts: 124
Karma: 2
[SOLVED] Cannot get OpenVPN fixed client IP addresses to work
«
on:
July 18, 2024, 09:14:32 pm »
Last year I ran into a similar problem
https://forum.opnsense.org/index.php?topic=35447.msg172767
but that was solved somehow. During the OPNsense upgrades hereafter OpenVPN wouldn't upgrade anymore and got stuck at version 2.6.10. I did not bother too much as clients were still able to log into OpenVPN.
Now I'm setting up a new server and using the new Instance option for OpenVPN. Everything was rapidly up and running but I could not get assigning a fixed client IP address to work, no matter what option I tried after a whole afternoon Googling for a solution. None of the suggestions found solved the problem.
At last I decided to copy the settings of a working Legacy Server and Client from my "old" working FW but with that I stumbled into other problems. With the exact copy of Legacy settings from my old FW I all the time get a TLS Error: TLS handshake failed and the only difference is the newer OpenVPN version 2.6.11.
Does anyone know a proper guide on how to setup an Instance with fixed client addresses?
«
Last Edit: July 22, 2024, 07:12:15 am by gdur
»
Logged
tiermutter
Hero Member
Posts: 1095
Karma: 61
Re: Cannot get OpenVPN fixed client IP addresses to work
«
Reply #1 on:
July 18, 2024, 09:37:09 pm »
Would be good to see what is already set up
Having a working ovpn instance there should be nothing more to do than adding CSO with two simple configurations:
Common name = Client / User name
IPv4 (and/or v6) Tunnel Network = IP to be assigned
Logged
i am not an expert... just trying to help...
gdur
Full Member
Posts: 124
Karma: 2
Re: Cannot get OpenVPN fixed client IP addresses to work
«
Reply #2 on:
July 18, 2024, 11:01:15 pm »
CSO has been setup correctly but won't assign the given IP address.
Network is: 192.168.80.0/24
CSO IPv4 Tunnel Network is 192.168.80.5/24
IP address given is 192.168.80.2
Works on my "old" FW.
Logged
gdur
Full Member
Posts: 124
Karma: 2
[SOLVED] Re: Cannot get OpenVPN fixed client IP addresses to work
«
Reply #3 on:
July 19, 2024, 10:13:51 am »
[SOLVED] because I've got it to work but [NOT SOLVED] because I don't understand why.
After a hairpulling night I decided to assign another user and that worked right away(
).
So next I added all the users who should have VPN access and all worked fine with the proper assigned IP address.
After a deep thought I remembered that the only difference I could think of was that with the first account I struggled with I had generated the client Certificate in System->Trust->Certificates and NOT using the System-> Access->Users page option used for the other clients. Not that I believe it matters but for completeness I should say that all users are imported from a LDAP server.
So I unlinked in the Cert of my first troublesome user in the System-> Access->Users page and created a new client Cert from the same page. Exported the config and voila it worked as should.
Now I'd like to understand why a Cert generated in System->Trust->Certificates caused this problem. This maybe something for the developers to sort out.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
[SOLVED] Cannot get OpenVPN fixed client IP addresses to work