Free VPS Trial,no credit card required

Start Free Trial
How To Assign Dedicated IPs to OpenVPN Accounts on pfSense

How To Assign Dedicated IPs to OpenVPN Accounts on pfSense

Spyros Theodorou

Spyros Theodorou · Systems Administrator

Aug 18, 2021 · Tutorials

As a managed hosting provider, NetShop ISP offers Managed Firewall service for customers who utilize pfSense for Network routing, VPN, Firewall management and Traffic monitoring needs.

One of the most frequent requests we receive is to provide OpenVPN accounts to a company’s employees with a static/dedicated IP address on one or more VPN accounts.

The documentation found online is quite poor for this particular implementation as it involves in-depth knowledge and expertise on both the OpenVPN and pfSense services.

In this article we will explain in clear, easy steps how you can assign multiple IP address in pfSense and assign them to one or more OpenVPN accounts.

The pfSense version used in this article’s example is 2.5.0-RELEASE (amd64) and we tested it on one a UK VPS server.

Prerequisites

Let’s get to work now.

Steps to Assign Multiple IPs in OpenVPN Accounts

Step 1: Add Virtual IPs

Assuming your Server has been assigned with multiple IPs, the first step is to add them as Virtual IPs from the pfSense GUI.

From the top menu click Firewall > Virtual IPs and then click the green “Add” button.

In the next page, please follow the same settings as shown in the screenshot below. The IP address is one of the additional IPs assigned on your server which you will eventually want to assign in a specific OpenVPN account.

When done, press Save at the bottom of the page.

The new Virtual IP has been added. Now proceed to Apply the Changes.

Step 2 – Create OpenVPN User

At this point we will create a new user for whom, later in this tutorial, we will assign a dedicated IP address.

From the top menu click System > User Manager and then click the “Add” button

The important setting when creating a new user, is the Certificate option. Check the box to ensure the new user will be associated with a dedicated Certificate on server-side.

Step 3 – Assign Static Local IP (Tunnel Network)

Upon creating successfully a new User (Step 2) we must now assign a static Tunnel Network IP. We assume you have already created the tunnel network when installing the OpenVPN Service. In our example, the tunnel network is 10.101.1.0/24.

To proceed with the local IP assignment, navigate to VPN > OpenVPN

 From the tabs click “Client Specific Overrides” and then click the “Add” button.

The Common Name must match exactly the username of the respective user. Then, as a good practice, add the tunnel network IP in the description field so you can quickly identify the IPs assigned to each user.

Under the Client Settings / Advanced section, add the command ifconfig-push 10.101.1.31 255.255.255.0. Remember that in this example we are using the IP 10.101.1.31 for our new OpenVPN user Spyros2.

Step 4 – Setup 1:1 NAT Rule

So far, we have created the OpenVPN Account for our user and assigned a static IP address for the tunnel network. Now it’s time to setup a 1:1 NAT rule for the tunnel’s local IP address translation into one of our public IP Addresses.

From the top menu go to Firewall > NAT

Click the 1:1 tab and then click the “Add’ button

Add the Public IP address (the one you have added as Virtual IP in Step 1) as the External subnet IP.

Then, under the Internal IP field add the Tunnel Network IP used in Client Overrides in Step 3. Then press Save.

We are done with assigning a static IP address to the OpenVPN user! Now you can export the OpenVPN certificate for your user who can start browsing the Internet using the newly assigned Public IP address.

Facing Issues? Opt for a Fully Managed Firewall

NetShop ISP offers Virtual and Hardware Firewalls based on pfSense. Moreover you may opt for a Fully Managed Firewall service so you can focus on your core business while we take care of the following aspects of your Firewall:

  • pfSense Setup
  • Public and Private Network Configuration
  • High-Availability and pfSense Failover Setup (CARP)
  • Additional Services Installation (OpenVPN, Squid, etc)
  • Security Hardening
  • Network Administration
  • pfSense Backup Management

Related Articles

Categories

Backup
6
Business Continuity
4
Cloud Hosting
9
Colocation
3
Company Updates
1
Cryptocurrencies
1
Data Centers
10
Dedicated Servers
3
Forex
12
Gaming
1
iGaming
28
Industry News
28
Interviews
7
Joomla
9
Magento
4
Managed Services
1
Press Releases
37
Product News
6
Resellers
1
Security
19
Streaming
1
Tech Startups
12
Tutorials
27
Uncategorized
389
Vps Hosting
9
Web Design & Development
3
Web Hosting
41
Webinars
1
Wordpress
14

Free VPS Trial

No Credit Card Required.

Recent Posts

How To Achieve Ultra Low Latency – A Guide for Forex Brokers and Liquidity Providers

How To Achieve Ultra Low Latency – A Guide for Forex Brokers and Liquidity Providers

01 December, 2021

How To Increase File Upload Size in Nginx Web Server

How To Increase File Upload Size in Nginx Web Server

23 November, 2021

Black Friday & Cyber Monday 2021 – Hosting Deals Up to 50%

Black Friday & Cyber Monday 2021 – Hosting Deals Up to 50%

22 November, 2021

SiGMA iGaming Expo 2021 in Malta Concludes Successfully for NetShop ISP

SiGMA iGaming Expo 2021 in Malta Concludes Successfully for NetShop ISP

19 November, 2021

How To Copy or Transfer Files on Linux Servers with RSync

How To Copy or Transfer Files on Linux Servers with RSync

10 November, 2021

Products

Bare Metal Dedicated Servers

Virtual Servers (VPS / VDS)

Rack Space & Colocation Hosting

Fast Web Hosting

Cloud Backup

Premium DNS Hosting

Company

About Us

Careers

Blog

Videos

WebinarsNew

Awards & Honours

Become a Partner

Contact Us

#letushostyou

Award Winning Hosting Provider with a Customer-centric approach to Business and an Open Source Mindset regarding Solutions and Products Development.

Est. 2004, Larnaca – Cyprus


About

Legal Address: 2A, Marathonos, Livadhia, 7060, Cyprus

Operations Office: 120, Faneromenis Avenue, Imperial Tower, 2nd Floor, Larnaca, 6031, Cyprus

Company Reg: HE 217340
EU VAT Number: CY10217340J
ISO 9001:2015: No. QS.21.038

International Phone: +357 2425 0808

Solutions

Load Balancing

IT As a Service

iGaming

Forex

Migration Services

Security

Disaster Recovery