Assign static IP to OpenVPN user

[saurabh.manandhar]

Hi,
I have been trying to setup OpenVPN to assign static IP to VPN users. I have tried using Client Specific Overrides as follows:

Common name set as username,
IPv4 Tunnel Network set as a subnet of main tunnel (IPv4 Tunnel Network on Server is x.y.z.0/24, and this subnet is x.y.z.256/30)

I have tried with setting up IPv4 Local network set as nothing and x.y.z.258/32

I have also tried setting up advanced settings with "ifconfig-push x.y.z.257 x.y.z.258", "ifconfig-push x.y.z.258 x.y.z.257", "ifconfig-push x.y.z.257 255.255.255.0" and "ifconfig-push x.y.z.257 255.255.255.255"

I have tried restarting OpenVPN service

So far nothing works.

Do I have to re-create the .ovpn file and import again?  Do I have to generate user certificates? Currently I have setup to use only username/password as authentication method.

Any help will be greatly appreciated.

I am new to OpnSense, so if you need any configs and logs, I would appreciate if you can point me the location of those files.

Apologies for my language.

[alie2n]

Hi,
first of all your ip adresses are off. Any octet cannot be bigger than "255".  ;)

Then the syntax depend on the topology your openvpn server uses (default: topology net30) und what clients you are serving.
For topology net30 (default) and windows clients the following syntax is correct:

Code Select Expand

ifconfig-push x.y.z.105 x.y.z.106

The valid ip adress pairs can be viewed by executing the openvpn binary on the windows client with the following parameter:

Code Select Expand

"c:\Program Files\OpenVPN\bin\openvpn.exe" --show-valid-subnets

[saurabh.manandhar]

Hi,
Thanks for your response.

In regards to IP I orignally posted, they were typos, I meant 158 and so on. Apologies for that mistake.

The topology is configured to subnet. I have set the following

Code Select Expand

ifconfig-push x.y.z.158 255.255.255.0

I tried setting this up from GUI (VPN>OpenVPN>Client Specific Override><username>>Advanced Settings, but it does not work.
Then I created a file with <username> as filename in /var/etc/openvpn-csc/1/ and put the line in it. After this, it works flawlessly.

P.S.
I have upgraded the system to OPNsense 20.7.3 after my original post

So far, I have been using this method as a workaround, because I don't have a lot of users for this VPN server. However, I would like to have more permanent solution where I can set this up using GUI.

[Matt Hutchinson]

I've gotten this to work:
In Client Specific Overrides, enter, for example, 192.168.111.5/24 for IPv4 Tunnel Network. The client is given 192.168.111.5.

I also had "ifconfig-push 192.168.111.5 255.255.255.0;" in the Advanced box. Putting this in the Advanced box by itself doesn't seem to work. Also, when testing this, I restarted the server a few times after making changes, but not every time, so I'm not sure if restarting the server is needed or not.