Assigning a fixed IP to a client that connects to a VPN, in particular OpenVPN, with a specific user, can then be used in firewall rules.

It is assumed that an OpenVPN server has already been created and one or more correctly configured users exist.

Navigate to VPN → OpenVPN.

In Servers, check the network used by the specific VPN Server.

In this case it is 10.20.30.0/24.

The fixed IP address for the client must be a unique IP within this subnet, lets say for example 10.20.30.69.

Navigate to System → User Manager → Users.

Select the specific user to assign the fixed IP address to.

• Make a note of the actual username. Lets assume this is peter.

Navigate to VPN → OpenVPN → Client Specific Overrides.

Click Add.

In General Information:

• Server List: Select the desired OpenVPN server.
• Common Name: peter. This needs to be the exact name of the user.
  • This should be exactly the same as identified in the earlier step Identify the user to whom we want to assign the IP just chosen.

In Client Settings:

• Advanced Settings: ifconfig-push 10.20.30.69 255.255.255.0.

• Click Save.

Connect to the VPN Server from the Client.

Check the IP Address of the Connected Client.

Navigate to Status → OpenVPN.

• Check the Virtual Address.

We know that the user, peter, will connect with IP 10.20.30.69.

Firewall rules can therefore be configured using this IP.

By placing the IP 10.20.30.69 in the Source field, we can decide which IP our VPN user can access and which ports/services.

In fact, they are exactly rules as if the OpenVPN interface were a physical interface and User1 was using a PC with a fixed IP.

https://www.firewallhardware.it/en/pfsense-and-openvpn-how-to-assign-a-fixed-ip-on-remote-client/