Set fixed IP with OpenVPN client

Is it possible to assign a fixed IP to an Openvpn client config?
My use case: I want to assign a fixed IP in the upper range of the Virtual IP address pool for Mobile VPN with SSL (e.g. 192.168.X.240) to some smartphone clients using Openvpn (so that I can assign specific policies on those source IP's).

I've tried add the following directive to the openvpn config on the client side

ifconfig-push 192.168.X.240

But the client still receives a dynamic IP from watchguard.

Is it possible to receive a static IP on client side & how can I achieve this?


  • Options

    Sorry, no

  • Options

    Ok thanks, any other possibility to achieve my use case? I.e. assign Policies to specific VPN clients. My first thought was to add a new SSL VPN interface, but AFAIK you can only have 1. Maybe I could use another way of mobile VPN (ipsec, L2TP...)?

  • Options

    For SSLVPN etc., you can assign them by user ID or by authentication group names, and have policies for those user IDs or group names.

    For the IPSec client, you can create multiple Groups, and you can have a Group with a single Virtual IP addr - thus for a specific user with a known IP addr.

    Support for L2TP is being removed in the future supposedly. IKEv2 is the new direction here.

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    You can't reserve an IP for a client, but like Bruce mentioned, you can set a policy for that user or group.

    (About Mobile VPN with SSL Policies)

    Even if this is for one user, I would suggest using a group for the policy. This is because usernames can be typed any way, such as 'james' 'James' or "JAMES." The group will always return the same way.

    -James Carson
    WatchGuard Customer Support

  • Options

    @james.carson & @Bruce_Briggs
    Thanks for the helpfull tips! I overlooked the function of having a policy specific for VPN users/groups. I'm more used to the old-fashioned way of using source IP's etc.


Sign In to comment.