OpenVPN static IP address

Started by maxxer, May 11, 2020, 12:13:31 PM

Hi.
I'm trying to assign a static IP to an OpenVPN client. I added in Client Specific Overrides a new rule with the openvpn username as common name, and in Advanced:


ifconfig-push 192.168.99.15 255.255.255.0


but it will always get the same (but different) address. Is this still supported? Thanks
YetOpen S.r.l.

May 11, 2020, 12:30:39 PM #1 Last Edit: May 11, 2020, 12:56:52 PM by knossos
I also have a question concerning this setup that might be relevant for you as well:

With ifconfig-push 192.168.99.15 255.255.255.0 you should assign the fixed IP address 192.168.99.15 to the client with the client specific override setting. For instance, in a certificate based scenario, the override would use the client certificate common name.


However, what happens if the same client has multiple devices and uses them to connect multiple times at the same time?

In that case, IMHO the above configuration would only work a single time. If the user is already connected with one device, the IP address will be taken. Hence if the user connects with another device at the same time, he would receive the same IP address again (192.168.99.15). Since the IP address is already taken for his first connection, I suppose the connection would fail.

So, is there a way to assign static IP address ranges to users?

For instance, a user might have the fixed IP range 192.168.99.15 - 20.
Hence, the user could connect with up to 5 clients/devices at the same time. Each device would receive an address from the range 192.168.99.15 - 20. Any client specific firewall rules would thus consider the user's specific range.

Is this possible?

Thanks!

You can create multiple OpenVPN servers on different ports, each with its own (small) IP range. Effectively one server per (power) user.

Bart...

Quote from: maxxer on May 11, 2020, 12:13:31 PM
I'm trying to assign a static IP to an OpenVPN client. I added in Client Specific Overrides a new rule with the openvpn username as common name, and in Advanced:

The procedure is correct, but for some reason (probably because by default the server allows the client to retain their IP) it's not immediately applied. I haven't had time to investigate further but it can take up to 4h.

The correct syntax is this:

ifconfig-push 192.168.99.15 192.168.99.14

if the Topology checkbox on the server configuration is unticked. If this is enabled the command should be ifconfig-push 192.168.99.15 255.255.255.0 but I'm not sure, I haven't tested.
YetOpen S.r.l.
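
The two forms of ifconfig-push discussed in this thread, checked against the server topology. This is an added example, not part of any post here and not OPNsense or OpenVPN code; the function name and sample lines are assumptions, and the net30 rule (both endpoints must be the two usable hosts of one /30) is the one the OpenVPN documentation gives for compatibility with Windows TAP clients.

```python
import ipaddress

def check_ifconfig_push(line, topology):
    """Return a list of problems for one 'ifconfig-push' line; empty means OK."""
    parts = line.split()
    if len(parts) != 3 or parts[0] != "ifconfig-push":
        return ["expected: ifconfig-push <client-ip> <netmask-or-peer>"]
    try:
        local = ipaddress.IPv4Address(parts[1])
        second = ipaddress.IPv4Address(parts[2])
    except ipaddress.AddressValueError as exc:
        return [f"not an IPv4 address: {exc}"]

    if topology == "subnet":
        # Second argument is a netmask: contiguous one bits, then zero bits.
        inverted = int(second) ^ 0xFFFFFFFF
        if inverted & (inverted + 1):
            return [f"{second} is not a netmask (looks like a net30 peer)"]
        net = ipaddress.IPv4Network(f"{local}/{second}", strict=False)
        edges = (net.network_address, net.broadcast_address)
        if net.prefixlen < 31 and local in edges:
            return [f"{local} is the network or broadcast address of {net}"]
        return []

    if topology == "net30":
        # Second argument is the peer endpoint of a per-client /30.
        net = ipaddress.IPv4Network(f"{local}/30", strict=False)
        usable = list(net.hosts())
        if {local, second} != set(usable):
            pair = " and ".join(str(h) for h in usable)
            return [f"{local} {second}: not the usable pair of {net} ({pair})"]
        return []

    return [f"unknown topology {topology!r}"]

# Constructed sample lines, using the address range from the thread.
SAMPLES = [
    "ifconfig-push 192.168.99.15 255.255.255.0",
    "ifconfig-push 192.168.99.13 192.168.99.14",
]

if __name__ == "__main__":
    for topo in ("subnet", "net30"):
        for sample in SAMPLES:
            result = check_ifconfig_push(sample, topo)
            print(f"[{topo}] {sample}: {result or 'OK'}")
```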

Use "Force CSO Login Matching" in VPN Server Settings.
Then client specific override will work on user name.

And it will work 100 % :)




Quote from: lewald on May 14, 2020, 01:03:24 PM
Use "Force CSO Login Matching" in VPN Server Settings.
Then client specific override will work on user name.

If this is for me, thanks, but I have no problem matching the CN now. I need to understand why the override isn't applied immediately.
YetOpen S.r.l.