NEW LOCATION

Olá Brazil Brazil NVMe-powered VPS Plans in Brazil Now Available.

Deploy Instantly
  • +357 2425 0808
  • Login
  • English

Home

Blog

How To Assign Dedicated IPs to OpenVPN A...

How To Assign Dedicated IPs to OpenVPN Accounts on pfSense

How To Assign Dedicated IPs to OpenVPN Accounts on pfSense

Spyros Theodorou

Spyros Theodorou · Systems Administrator

Aug 18, 2021 · Technical Tutorials

As a managed hosting provider, NetShop ISP offers Managed Firewall service for customers who utilize pfSense for Network routing, VPN, Firewall management and Traffic monitoring needs.

One of the most frequent requests we receive is to provide OpenVPN accounts to a company’s employees with a static/dedicated IP address on one or more VPN accounts.

The documentation found online is quite poor for this particular implementation as it involves in-depth knowledge and expertise on both the OpenVPN and pfSense services.

In this article we will explain in clear, easy steps how you can assign multiple IP address in pfSense and assign them to one or more OpenVPN accounts.

The pfSense version used in this article’s example is 2.5.0-RELEASE (amd64) and we tested it on one a UK VPS server.

Prerequisites

Let’s get to work now.

Steps to Assign Multiple IPs in OpenVPN Accounts

Step 1: Add Virtual IPs

Assuming your Server has been assigned with multiple IPs, the first step is to add them as Virtual IPs from the pfSense GUI.

From the top menu click Firewall > Virtual IPs and then click the green “Add” button.

In the next page, please follow the same settings as shown in the screenshot below. The IP address is one of the additional IPs assigned on your server which you will eventually want to assign in a specific OpenVPN account.

When done, press Save at the bottom of the page.

The new Virtual IP has been added. Now proceed to Apply the Changes.

Step 2 – Create OpenVPN User

At this point we will create a new user for whom, later in this tutorial, we will assign a dedicated IP address.

From the top menu click System > User Manager and then click the “Add” button

The important setting when creating a new user, is the Certificate option. Check the box to ensure the new user will be associated with a dedicated Certificate on server-side.

Step 3 – Assign Static Local IP (Tunnel Network)

Upon creating successfully a new User (Step 2) we must now assign a static Tunnel Network IP. We assume you have already created the tunnel network when installing the OpenVPN Service. In our example, the tunnel network is 10.101.1.0/24.

To proceed with the local IP assignment, navigate to VPN > OpenVPN

 From the tabs click “Client Specific Overrides” and then click the “Add” button.

The Common Name must match exactly the username of the respective user. Then, as a good practice, add the tunnel network IP in the description field so you can quickly identify the IPs assigned to each user.

Under the Client Settings / Advanced section, add the command ifconfig-push 10.101.1.31 255.255.255.0. Remember that in this example we are using the IP 10.101.1.31 for our new OpenVPN user Spyros2.

Step 4 – Setup 1:1 NAT Rule

So far, we have created the OpenVPN Account for our user and assigned a static IP address for the tunnel network. Now it’s time to setup a 1:1 NAT rule for the tunnel’s local IP address translation into one of our public IP Addresses.

From the top menu go to Firewall > NAT

Click the 1:1 tab and then click the “Add’ button

Add the Public IP address (the one you have added as Virtual IP in Step 1) as the External subnet IP.

Then, under the Internal IP field add the Tunnel Network IP used in Client Overrides in Step 3. Then press Save.

We are done with assigning a static IP address to the OpenVPN user! Now you can export the OpenVPN certificate for your user who can start browsing the Internet using the newly assigned Public IP address.

Facing Issues? Opt for a Fully Managed Firewall

NetShop ISP offers Virtual and Hardware Firewalls based on pfSense. Moreover you may opt for a Fully Managed Firewall service so you can focus on your core business while we take care of the following aspects of your Firewall:

  • pfSense Setup
  • Public and Private Network Configuration
  • High-Availability and pfSense Failover Setup (CARP)
  • Additional Services Installation (OpenVPN, Squid, etc)
  • Security Hardening
  • Network Administration
  • pfSense Backup Management

Press Releases
79

Free VPS Trial

No Credit Card Required.

Recent Posts

Black Friday & Cyber Monday Offer – 30% Lifetime Discount on VPS Plans

Black Friday & Cyber Monday Offer – 30% Lifetime Discount on VPS Plans

02 December, 2024

How To Install Sendy on Ubuntu 22.04 Server

How To Install Sendy on Ubuntu 22.04 Server

27 November, 2024

How To Extract Certificates and Private Key from .PFX file

How To Extract Certificates and Private Key from .PFX file

19 November, 2024

NetShop ISP CEO Stefano Sordini to Moderate Key Panel on Forex AI Automation at Cyprus Fintech Summit 2024

NetShop ISP CEO Stefano Sordini to Moderate Key Panel on Forex AI Automation at Cyprus Fintech Summit 2024

15 November, 2024

Preparing for the Daylight Saving Time (DST) Change: Essential Updates for MetaTrader 4/5 Platforms

Preparing for the Daylight Saving Time (DST) Change: Essential Updates for MetaTrader 4/5 Platforms

25 October, 2024

#letushostyou

Award Winning Hosting Provider established in 2004.

120 Faneromenis Avenue, Imperial Tower, 2nd Floor, Larnaca 6031, Cyprus

Products

Bare Metal Servers

Customized Servers

Virtual / Cloud Servers

Forex VPS

Storage VPS

cPanel Web Hosting

Reseller Web Hosting

Colocation

Addons

Premium DNS

Email Hosting

Cloud Backup

DDoS Protection

Licenses

SSL Certificates

Domain Names

Premium SLAs

About Us

Data Center Locations

Looking Glass

Our Company

Contact Us

Careers in Cyprus

Become a Partner

Awards

Certifications

© 2024 S.S. NetShop Internet Services Ltd. All rights reserved.  Terms & Conditions  |  Privacy Policy
CY Reg. Number: HE 217340 | EU VAT Number: CY10217340J

Visa
Mastercard
PayPal
Bitcoin
Tether
Ethereum
Litecoin
Wise
Revolut
Wire Transfer