Assigning a fixed IP to a client that connects to a VPN, in particular OpenVPN, with a specific user, can then be used in firewall rules.

It is assumed that an OpenVPN server has already been created and one or more correctly configured users exist.

Navigate to VPN → OpenVPN.

In Servers, check the network used by the specific VPN Server.

In this case it is 10.20.30.0/24.

The fixed IP address for the client must be a unique IP within this subnet, lets say for example 10.20.30.69.

Navigate to System → User Manager → Users.

Select the specific user to assign the fixed IP address to.

• Make a note of the actual name. Lets assume this is peter.

Navigate to VPN → OpenVPN → Client Specific Overrides.

Click Add.

In General Information:

• Server List: Select the desired OpenVPN server.
• Common Name: peter. This needs to be the exact name of the user.
  • This should be exactly the same as identified in the earlier step Identify the user to whom we want to assign the IP just chosen.

In Client Settings:

• Advanced Settings: ifconfig-push 10.20.30.69 255.255.255.0.

• Click Save.

As we know that User1 will connect with IP 10.10.94.30, we can configure the Firewall Rules using this.

By placing the IP 10.10.94.30 in the Source field, we can decide which IP our VPN user can access and which ports/services.

In fact, they are exactly rules as if the OpenVPN interface were a physical interface and User1 was using a PC with a fixed IP.

https://www.firewallhardware.it/en/pfsense-and-openvpn-how-to-assign-a-fixed-ip-on-remote-client/