Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
OpenVPN - static client IP address to a user
« previous
next »
Print
Pages: [
1
]
Author
Topic: OpenVPN - static client IP address to a user (Read 14094 times)
superfox
Newbie
Posts: 23
Karma: 0
OpenVPN - static client IP address to a user
«
on:
April 05, 2018, 01:10:13 pm »
Hey there, OPNsense community :-)
I was wondering how to assign a static VPN client IP address to a connecting user?
This is important, if you want to have user-specific firewall rules for your tunnel network.
Logged
bartjsmit
Hero Member
Posts: 2017
Karma: 194
Re: OpenVPN - static client IP address to a user
«
Reply #1 on:
April 05, 2018, 03:45:18 pm »
From the OpenVPN docs:
--ifconfig-pool-persist file [seconds]
Persist/unpersist ifconfig-pool data to file, at seconds intervals (default=600), as well as on program startup and shutdown. The goal of this option is to provide a long-term association between clients (denoted by their common name) and the virtual IP address assigned to them from the ifconfig-pool. Maintaining a long-term association is good for clients because it allows them to effectively use the --persist-tun option.
file is a comma-delimited ASCII file, formatted as <Common-Name>,<IP-address>. If seconds = 0, file will be treated as read-only. This is useful if you would like to treat file as a configuration file.
Note that the entries in this file are treated by OpenVPN as suggestions only, based on past associations between a common name and IP address. They do not guarantee that the given common name will always receive the given IP address. If you want guaranteed assignment, use --ifconfig-push
If you have different groups of VPN clients with different security policies, you may be better off running two OpenVPN servers on different ports and set different firewall rules for each tunnel.
Bart...
Logged
superfox
Newbie
Posts: 23
Karma: 0
Re: OpenVPN - static client IP address to a user
«
Reply #2 on:
April 09, 2018, 03:48:24 pm »
OK, thanks, i see.
So this is not included as a feature of OPNsense itself, at the moment(?)
I would prefer it as a basic feature, so i'll do a feature-request.
Or maybe there´s already a plugin enhancement, someone knows?
Based on your description, how do i create the needed file up on the system?
A second OpenVPN-instance is an idea, but it´s also another reachable service...
Logged
bartjsmit
Hero Member
Posts: 2017
Karma: 194
Re: OpenVPN - static client IP address to a user
«
Reply #3 on:
April 10, 2018, 08:16:48 am »
OPNsense implements a wrapper around OpenVPN, which is otherwise largely unchanged. You add the 'ifconfig-pool-persist clientips.txt' option to the 'Advanced' section at the bottom of the edit server page.
As for a second server, it uses the same binaries and options, so not really another reachable service. I see it more as forks of the same daemon with a different destination port ;-)
Bart...
Logged
superfox
Newbie
Posts: 23
Karma: 0
Re: OpenVPN - static client IP address to a user
«
Reply #4 on:
April 11, 2018, 09:47:17 am »
After adding the option, restarting and reconnecting a client, the file was created under /usr/local/www/clientips.txt
Because the file was empty, i inserted: myusername,172.28.28.55
It is an address from within the tunnel network.
The ip-address was never assigned to a connecting client.
Am i doing it wrong? :-)
What I've observed is that a client seems to always get the same address.
What information does this depend on?
How does this mechanism work?
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: OpenVPN - static client IP address to a user
«
Reply #5 on:
April 11, 2018, 11:03:59 am »
There was a FR for setting this up with Radius, I can try ping to get this started ...
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
beren
Newbie
Posts: 8
Karma: 0
Re: OpenVPN - static client IP address to a user
«
Reply #6 on:
February 14, 2019, 08:42:29 pm »
Would be nice to also get an interface to assign the client a static ip and not have to use the ifconfig-push line in advanced.
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: OpenVPN - static client IP address to a user
«
Reply #7 on:
February 14, 2019, 10:21:54 pm »
Isnt this already possible?
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
Akitoo
Newbie
Posts: 5
Karma: 0
Re: OpenVPN - static client IP address to a user
«
Reply #8 on:
November 28, 2019, 05:05:19 pm »
Any updates on this topic?
Logged
flehmann
Newbie
Posts: 17
Karma: 2
Re: OpenVPN - static client IP address to a user
«
Reply #9 on:
March 16, 2020, 07:44:23 pm »
FYI:
https://www.andysblog.de/opnsense-openvpn-und-feste-ip-adressen-fuer-benutzer
Logged
ravenmaster887
Newbie
Posts: 4
Karma: 2
Re: OpenVPN - static client IP address to a user
«
Reply #10 on:
August 03, 2023, 03:33:06 pm »
Hello together,
after updated to 23.7 the advanced option under VPN - OpenVPN - Client Specific Overrides is not available any more. this option to set a static client IP adresse to a OpenVPN user is no more possible.
Do you have an idea how can i set a static IP over another way?
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: OpenVPN - static client IP address to a user
«
Reply #11 on:
August 03, 2023, 04:57:36 pm »
Only post once, I already replied with the answer and there was another thread also where this was discussed
https://forum.opnsense.org/index.php?topic=35149.0
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
OpenVPN - static client IP address to a user