Openvpn – How to prevent clients from getting static IPs (set by Client Specific Overrides) in OpenVPN via PfSense

openvpn pfsense

I am getting problems with the current setting in an OpenVPN via PfSense. The situation is the following:

  1. I have created an OpenVPN server in the network 192.168.222.0/24;

  2. Created two client certificates, C1 and C2.

  3. C1 has 192.168.222.2/24 as its static IP through the "Client Specific Overrides" tab.

  4. C2 has no special configuration (so its IP will be dynamic according to its connection order with OpenVPN server).

When connecting C2 to the OpenVPN server, C2 gets IP 192.168.222.2.

After C2's connection, connecting C1 to the OpenVPN server, C1 gets IP 192.168.222.2 (its static IP address defined in "Client Specific Overrides") OOPS!

How can I prevent the OpenVPN server from giving C2's statically defined IP address to C1?

I tried @Luca Gibelli's answer, and after restarting the server, it stops working. Looking into the logs, openvpn is throwing the following error:

Oct 2 17:43:33  openvpn 36651   Use --help for more information.
Oct 2 17:43:33  openvpn 36651   Options error: --server already defines an ifconfig-pool, so you can't also specify --ifconfig-pool explicitly

Also, I have found a discussion about this here but with no solutions.

Any way of bypassing this error?

Best Answer

What you are looking for is the ifconfig-pool option of OpenVPN. It allows you to specify the IP range of dynamic IP addresses for clients. If you want to assign dynamic IPs in the range 192.168.222.10-254, use:

ifconfig-pool 192.168.222.10 192.168.222.254 255.255.255.0

You can add this option under the Advanced configuration tab of OpenVPN in pfSense.

More info: https://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html
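
An added example, not part of the original question or answer: a small audit that reports client-specific `ifconfig-push` addresses lying inside the server's dynamic range, and flags the `server` plus `ifconfig-pool` combination that produces the Options error quoted in the question. The function names and the configuration fragments are constructed for illustration, and the range implied by a bare `server` line is treated conservatively as an assumption (every host address after the server's own).

```python
import ipaddress

def dynamic_pool(server_conf):
    """Return (first, last, notes) for the dynamic range a server config implies."""
    server = pool = None
    for line in server_conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if tok and tok[0] == "server":
            server = tok
        elif tok and tok[0] == "ifconfig-pool":
            pool = tok
    notes = []
    if server and pool:
        # The combination rejected in the log quoted in the question.
        notes.append("server and ifconfig-pool both present (Options error)")
    if server:
        # Assumption: every host address after the server's own may be handed
        # out dynamically; the exact bounds depend on topology and version.
        hosts = list(ipaddress.ip_network(f"{server[1]}/{server[2]}").hosts())
        return hosts[1], hosts[-1], notes
    if pool:
        return ipaddress.ip_address(pool[1]), ipaddress.ip_address(pool[2]), notes
    return None, None, notes

def audit(server_conf, ccd_files):
    """Return ([(client, ip), ...], notes) for static IPs inside the dynamic range."""
    first, last, notes = dynamic_pool(server_conf)
    collisions = []
    for client, text in sorted(ccd_files.items()):
        for line in text.splitlines():
            tok = line.split()
            if first is not None and len(tok) >= 2 and tok[0] == "ifconfig-push":
                ip = ipaddress.ip_address(tok[1])
                if first <= ip <= last:
                    collisions.append((client, str(ip)))
    return collisions, notes

# Constructed inputs mirroring the addresses used on this page.
CCD = {"C1": "ifconfig-push 192.168.222.2 255.255.255.0\n"}
POOL_LINE = "ifconfig-pool 192.168.222.10 192.168.222.254 255.255.255.0\n"
AS_ASKED = "dev tun\nserver 192.168.222.0 255.255.255.0\n"
BOTH = AS_ASKED + POOL_LINE   # the state that produced the logged error
POOL_ONLY = POOL_LINE         # fragment only, not a complete server config

if __name__ == "__main__":
    for name, conf in (("as asked", AS_ASKED), ("both", BOTH), ("pool only", POOL_ONLY)):
        print(name, audit(conf, CCD))
```
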