pfsense:vpn:openvpn:assign_a_fixed_ip_to_a_remote_client

Differences

This shows you the differences between two versions of the page.

pfsense:vpn:openvpn:assign_a_fixed_ip_to_a_remote_client [2020/11/29 23:21] peter
pfsense:vpn:openvpn:assign_a_fixed_ip_to_a_remote_client [2021/02/19 09:56] (current) – [Configure Firewall Rules for this User] peter
Line 1: Line 1:
 ====== PFSense - VPN - OpenVPN - Assign a fixed IP to a remote client ====== ====== PFSense - VPN - OpenVPN - Assign a fixed IP to a remote client ======
  
-Assigning a fixed IP to a client that connects to a VPN, in particular OpenVPN, with a specific user, can then be used in firewall rules.+By assigning a fixed IP to a client that connects to a VPN allows this IP to be used in firewall rules. 
 + 
 +<WRAP info> 
 +**NOTE:**  It is assumed that an OpenVPN server has already been created and one or more correctly configured users exist. 
 +</WRAP>
  
-It is assumed that an OpenVPN server has already been created and one or more correctly configured users exist. 
  
 ---- ----
  
-===== Configure the Client Specific Overrides in OpenVPN =====+===== Identify a fixed IP address for the Client to use ======
  
-Identify an IP address that must belong to the VPN network that cannot be assigned to other users.+Navigate to **VPN -> OpenVPN**.
  
-Lets say the assigned network is 10.10.94.0/24 and therefore we have chosen the IP 10.10.94.30 for this user.+In **Servers**, check the Tunnel Network used by the specific VPN Server.
  
-Subsequently, we precisely identify the user to whom we want to assign the IP just chosen, checking from **System -> User Manager -> Users**.+In this case it is **10.20.30.0/24**.
  
 +<WRAP info>
 +**NOTE:**  The fixed IP address for the client must be a unique IP within this subnet.
  
-Select the specific user to assign the fixed IP address to.  Lets assume this is **User1**.+For example **10.20.30.69**. 
 +</WRAP> 
 + 
 + 
 +{{:pfsense:vpn:openvpn:pfsense_-_vpn_-_openvpn_-_servers.png?800|}} 
 + 
 +---- 
 + 
 +===== Identify the user to whom we want to assign the IP just chosen ===== 
 + 
 +Navigate to **System -> User Manager -> Users**. 
 + 
 +Select the specific user to assign the fixed IP address to
 + 
 +  * Make a note of the actual username.  Lets assume this is **peter**. 
 + 
 +{{:pfsense:vpn:openvpn:pfsense_-_system_-_user_manager_-_users.png?800|}} 
 + 
 +---- 
 + 
 +===== Allocate the fixed IP to the User =====
  
 Navigate to **VPN -> OpenVPN -> Client Specific Overrides**. Navigate to **VPN -> OpenVPN -> Client Specific Overrides**.
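Review bot: The new NOTE under "Identify a fixed IP address for the Client to use" says the address "must be a unique IP within this subnet", but it drops the removed line's requirement that the address "cannot be assigned to other users" and gives no way to ensure that. Because the page later uses this address as the firewall Source that stands for one user, add a sentence on how to choose an address the server will not also hand to another client. Smaller points in the same hunk: the new opening sentence "By assigning a fixed IP ... allows this IP to be used in firewall rules" does not parse (drop "By") and loses the old "with a specific user" qualifier; the new heading opens with "=====" and closes with "======"; "Select the specific user to assign the fixed IP address to" lost its full stop; and "Lets assume" should read "Let's assume".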
Line 22: Line 47:
 Click **Add**. Click **Add**.
  
-Select the desired OpenVpn server if there are more than one.+In **General Information**:
  
-Write the exact name of the user in the **Common Name** field; in our example: User1.  This should be exactly the same in the above "Select the specific user to assign the fixed IP address to." step.+  * Server List:  **Select the desired OpenVPN server**. 
 +  * Common Name:  **peter**.  This needs to be the **exact** name of the user, as identified in the earlier step **Identify the user to whom we want to assign the IP just chosen**.
  
-Go to the bottom of the page and enter in Advanced Settings**ifconfig-push 10.10.94.30 255.255.255.0**.+{{:pfsense:vpn:openvpn:pfsense_-_vpn_-_openvpn_-_client_specific_overrides_-_general_information.png?800|}}
  
-Click **Save**.+In **Client Settings**: 
 + 
 +  * Advanced Settings:  **ifconfig-push 10.20.30.69 255.255.255.0**. 
 + 
 +{{:pfsense:vpn:openvpn:pfsense_-_vpn_-_openvpn_-_client_specific_overrides_-_client_settings.png?800|}} 
 + 
 + 
 +  * Click **Save**.
  
 <WRAP info> <WRAP info>
-**NOTE:**  From now on when User1 connects to the OpenVPN VPNthey will always be assigned the IP 10.10.94.30,+**NOTE:**  From now on when peter connects to the OpenVPN Serverhe will always be assigned the IP 10.20.30.69,
 </WRAP> </WRAP>
 +
  
 ---- ----
 +
 +===== Test =====
 +
 +Connect to the VPN Server from the Client.
 +
 +Check the IP Address of the Connected Client.
 +
 +Navigate to **Status -> OpenVPN**.
 +
 +  * Check the **Virtual Address**.
 +
 +{{:pfsense:vpn:openvpn:pfsense_-_status_-_openvpn.png?800|}}
 +
 +----
 +
 +===== Configure Firewall Rules for this User =====
 +
 +We know that the user, peter, will connect with IP 10.20.30.69.
 +
 +Firewall rules can therefore be configured using this IP.
 +
 +By placing the IP 10.20.30.69 in the Source field, we can decide which IPs our VPN user can access and which ports/services.
 +
 +For example:
 +
 +  * Access is granted to IP Address 192.168.1.123 for the user connecting on 10.20.30.69, i.e. peter.
 +  * All other traffic is blocked.
 +
 +{{:pfsense:vpn:openvpn:pfsense_-_firewall_-_rules_-_openvpn_-_updated.png?800|}}
 +
 +<WRAP info>
 +**NOTE:**  The last deny rule is not actually needed.
 +
 +It is only put in to to make explicit the deny which in fact is how the firewall behaves if no rule is applied.
 +
 +</WRAP>
 +
 +
 +
 +----
 +
 +===== References =====
  
  
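Review bot: In General Information the field is "Common Name", but the step tells the reader to enter the "exact name of the user" taken from the User Manager. State explicitly that the override is matched on the Common Name the client presents, and what to enter when that differs from the username, because an override that does not match is not applied and the rules written for 10.20.30.69 then no longer describe this user. The Test section only checks the Virtual Address; since the firewall section comes after it, consider adding a check there that 192.168.1.123 is reachable from the client and that other destinations are not. Also in this hunk: "ifconfig-push 10.20.30.69 255.255.255.0", with a netmask as the second argument, assumes the server uses the subnet topology, which is worth stating; the NOTE after Save still ends in a comma ("the IP 10.20.30.69,"); "It is only put in to to make explicit" repeats "to"; and the new References heading has no entries.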
pfsense/vpn/openvpn/assign_a_fixed_ip_to_a_remote_client.1606692085.txt.gz · Last modified: 2020/11/29 23:21 by peter
