Hello everybody
I've setup an openvpn server to serve both our company employees and one external collaborator. I'm assigning IP addresses and pushing specific routes to every single client using ccd directory files. I set up ufw with different rules for the employees and the external guy, based on their IP. But what about if one of them forces another IP address of the same subnet on his openvpn client adapter? I think that is possible and will cause my firewall rules not to work how I designed them. Is there a way to strictly assign a static IP address to a client? I mean traffic not flowing on the tunnel if the client changes his address by his own, or something similar? Or the only way is to split the vpn in two different vpns on different ports?
Thank you
Strictly assign an IP address to a client
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Apr 13, 2023 7:23 pm
-
- OpenVPN Power User
- Posts: 65
- Joined: Mon Dec 12, 2016 6:07 pm
Re: Strictly assign an IP address to a client
You can assign a client a specific IP in the CCD file. For example:
ifconfig-push 10.8.0.11 255.255.255.0
ifconfig-push 10.8.0.11 255.255.255.0