Wiki

User Tools

Site Tools

Trace:
pfsense:vpn:openvpn:assign_a_fixed_ip_to_a_remote_client

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
pfsense:vpn:openvpn:assign_a_fixed_ip_to_a_remote_client [2021/02/17 14:12] – [Allocate the fixed IP to the User] peterpfsense:vpn:openvpn:assign_a_fixed_ip_to_a_remote_client [2021/02/19 09:56] (current) – [Configure Firewall Rules for this User] peter
Line 1: Line 1:
 ====== PFSense - VPN - OpenVPN - Assign a fixed IP to a remote client ====== ====== PFSense - VPN - OpenVPN - Assign a fixed IP to a remote client ======
  
-Assigning a fixed IP to a client that connects to a VPN, in particular OpenVPN, with a specific user, can then be used in firewall rules.+By assigning a fixed IP to a client that connects to a VPN allows this IP to be used in firewall rules. 
 + 
 +<WRAP info> 
 +**NOTE:**  It is assumed that an OpenVPN server has already been created and one or more correctly configured users exist. 
 +</WRAP>
  
-It is assumed that an OpenVPN server has already been created and one or more correctly configured users exist. 
  
 ---- ----
Line 11: Line 14:
 Navigate to **VPN -> OpenVPN**. Navigate to **VPN -> OpenVPN**.
  
-In **Servers**, check the network used by the specific VPN Server.+In **Servers**, check the Tunnel Network used by the specific VPN Server.
  
 In this case it is **10.20.30.0/24**. In this case it is **10.20.30.0/24**.
  
-The fixed IP address for the client must be a unique IP within this subnet, lets say for example **10.20.30.69**.+<WRAP info> 
 +**NOTE:**  The fixed IP address for the client must be a unique IP within this subnet
 + 
 +For example **10.20.30.69**. 
 +</WRAP> 
  
 {{:pfsense:vpn:openvpn:pfsense_-_vpn_-_openvpn_-_servers.png?800|}} {{:pfsense:vpn:openvpn:pfsense_-_vpn_-_openvpn_-_servers.png?800|}}
Line 27: Line 35:
 Select the specific user to assign the fixed IP address to. Select the specific user to assign the fixed IP address to.
  
-  * Make a note of the actual name.  Lets assume this is **peter**.+  * Make a note of the actual username.  Lets assume this is **peter**.
  
 {{:pfsense:vpn:openvpn:pfsense_-_system_-_user_manager_-_users.png?800|}} {{:pfsense:vpn:openvpn:pfsense_-_system_-_user_manager_-_users.png?800|}}
Line 42: Line 50:
  
   * Server List:  **Select the desired OpenVPN server**.   * Server List:  **Select the desired OpenVPN server**.
-  * Common Name:  **peter**.  This needs to be the **exact** name of the user+  * Common Name:  **peter**.  This needs to be the **exact** name of the useras identified in the earlier step **Identify the user to whom we want to assign the IP just chosen**.
-    * This should be exactly the same as identified in the earlier step **Identify the user to whom we want to assign the IP just chosen**.+
  
 {{:pfsense:vpn:openvpn:pfsense_-_vpn_-_openvpn_-_client_specific_overrides_-_general_information.png?800|}} {{:pfsense:vpn:openvpn:pfsense_-_vpn_-_openvpn_-_client_specific_overrides_-_general_information.png?800|}}
Line 57: Line 64:
  
 <WRAP info> <WRAP info>
-**NOTE:**  From now on when peter connects to the OpenVPN Server, they will always be assigned the IP 10.20.30.69,+**NOTE:**  From now on when peter connects to the OpenVPN Server, he will always be assigned the IP 10.20.30.69,
 </WRAP> </WRAP>
  
  
 +----
 +
 +===== Test =====
 +
 +Connect to the VPN Server from the Client.
 +
 +Check the IP Address of the Connected Client.
 +
 +Navigate to **Status -> OpenVPN**.
 +
 +  * Check the **Virtual Address**.
 +
 +{{:pfsense:vpn:openvpn:pfsense_-_status_-_openvpn.png?800|}}
  
 ---- ----
Line 66: Line 86:
 ===== Configure Firewall Rules for this User ===== ===== Configure Firewall Rules for this User =====
  
-As we know that User1 will connect with IP 10.10.94.30, we can configure the Firewall Rules using this.+We know that the user, peter, will connect with IP 10.20.30.69.
  
-By placing the IP 10.10.94.30 in the Source field, we can decide which IP our VPN user can access and which ports/services.+Firewall rules can therefore be configured using this IP.
  
-In fact, they are exactly rules as if the OpenVPN interface were a physical interface and User1 was using a PC with a fixed IP.+By placing the IP 10.20.30.69 in the Source field, we can decide which IPs our VPN user can access and which ports/services.
  
-{{:pfsense:vpn:openvpn:pfsense_-_firewall_-_rules_-_openvpn_-_fixed_ip_client.png?800|}}+For example:
  
 +  * Access is granted to IP Address 192.168.1.123 for the user connecting on 10.20.30.69, i.e. peter.
 +  * All other traffic is blocked.
 +
 +{{:pfsense:vpn:openvpn:pfsense_-_firewall_-_rules_-_openvpn_-_updated.png?800|}}
  
 <WRAP info> <WRAP info>
-**NOTE:**  The rules above allow only the address 10.10.94.10, to access the IP 192.168.201.10 (in this example an IP of the LAN) on any port.+**NOTE:**  The last deny rule is not actually needed.
  
-The remaining traffic will be blocked! +It is only put in to to make explicit the deny which in fact is how the firewall behaves if no rule is applied.
- +
-In our example, the last deny rule is actually not needed, we only put it to make explicit the deny which in fact is how the firewall behaves if no rule is applied.+
  
 </WRAP> </WRAP>
 +
 +
  
 ---- ----
Line 88: Line 112:
 ===== References ===== ===== References =====
  
-https://www.firewallhardware.it/en/pfsense-and-openvpn-how-to-assign-a-fixed-ip-on-remote-client/+
pfsense/vpn/openvpn/assign_a_fixed_ip_to_a_remote_client.1613571175.txt.gz · Last modified: 2021/02/17 14:12 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki