Strictly assign an IP address to a client

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
alefello
OpenVpn Newbie
Posts: 2
Joined: Thu Apr 13, 2023 7:23 pm

Strictly assign an IP address to a client

Post by alefello » Thu Apr 13, 2023 7:30 pm

Hello everybody

I've setup an openvpn server to serve both our company employees and one external collaborator. I'm assigning IP addresses and pushing specific routes to every single client using ccd directory files. I set up ufw with different rules for the employees and the external guy, based on their IP. But what about if one of them forces another IP address of the same subnet on his openvpn client adapter? I think that is possible and will cause my firewall rules not to work how I designed them. Is there a way to strictly assign a static IP address to a client? I mean traffic not flowing on the tunnel if the client changes his address by his own, or something similar? Or the only way is to split the vpn in two different vpns on different ports?

Thank you

maxburn
OpenVPN Power User
Posts: 65
Joined: Mon Dec 12, 2016 6:07 pm

Re: Strictly assign an IP address to a client

Post by maxburn » Tue Apr 25, 2023 6:08 pm

You can assign a client a specific IP in the CCD file. For example:

ifconfig-push 10.8.0.11 255.255.255.0

Post Reply