Set fixed IP with OpenVPN client
Is it possible to assign a fixed IP to an Openvpn client config?
My use case: I want to assign a fixed IP in the upper range of the Virtual IP address pool for Mobile VPN with SSL (e.g. 192.168.X.240) to some smartphone clients using Openvpn (so that I can assign specific policies on those source IP's).
I've tried add the following directive to the openvpn config on the client side
ifconfig-push 192.168.X.240 255.255.255.0
But the client still receives a dynamic IP from watchguard.
Is it possible to receive a static IP on client side & how can I achieve this?
0
Sign In to comment.
Comments
Sorry, no
Ok thanks, any other possibility to achieve my use case? I.e. assign Policies to specific VPN clients. My first thought was to add a new SSL VPN interface, but AFAIK you can only have 1. Maybe I could use another way of mobile VPN (ipsec, L2TP...)?
For SSLVPN etc., you can assign them by user ID or by authentication group names, and have policies for those user IDs or group names.
For the IPSec client, you can create multiple Groups, and you can have a Group with a single Virtual IP addr - thus for a specific user with a known IP addr.
Support for L2TP is being removed in the future supposedly. IKEv2 is the new direction here.
You can't reserve an IP for a client, but like Bruce mentioned, you can set a policy for that user or group.
See:
(About Mobile VPN with SSL Policies)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ssl/mvpn_ssl_policies.html
Even if this is for one user, I would suggest using a group for the policy. This is because usernames can be typed any way, such as 'james' 'James' or "JAMES." The group will always return the same way.
-James Carson
WatchGuard Customer Support
@james.carson & @Bruce_Briggs
Thanks for the helpfull tips! I overlooked the function of having a policy specific for VPN users/groups. I'm more used to the old-fashioned way of using source IP's etc.
Thanks!