Assigning a fixed IP to a client that connects to a VPN, in particular OpenVPN, with a specific user, can then be used in firewall rules.

It is assumed that an OpenVPN server has already been created and one or more correctly configured users exist.

Identify an IP address that must belong to the VPN network that cannot be assigned to other users.

Lets say the assigned network is 10.10.94.0/24 and therefore we have chosen the IP 10.10.94.30 for this user.

Subsequently, we precisely identify the user to whom we want to assign the IP just chosen, checking from System → User Manager → Users.

Select the specific user to assign the fixed IP address to. Lets assume this is User1.

Navigate to VPN → OpenVPN → Client Specific Overrides.

Click Add.

Select the desired OpenVpn server if there are more than one.

Write the exact name of the user in the Common Name field; in our example: User1. This should be exactly the same in the above “Select the specific user to assign the fixed IP address to.” step.

Go to the bottom of the page and enter in Advanced Settings: ifconfig-push 10.10.94.30 255.255.255.0.

Click Save.

As we know that User1 will connect with IP 10.10.94.30, we can configure the Firewall Rules using this.

By placing the IP 10.10.94.30 in the Source field, we can decide which IP our VPN user can access and which ports/services.

In fact, they are exactly rules as if the OpenVPN interface were a physical interface and User1 was using a PC with a fixed IP.