OpenVPN clients static ip

Stybyk · April 3, 2017, 2:37pm

Hello,
i need to use specific forwardings for some users on vpn.
But each day clients have another ip than previous day.
Would someone be so kind and helped me with settings of static release ip for VPN clients ?
I suppose that it must be made based on their certificates. But i don´t know how.
Thanks

einar · April 3, 2017, 3:52pm

You need to use the ifconfig-pool-persist option, and point it to a file (which will be created) to store these information. For example /etc/config/openvpn/ipp.txt (example only - either way, put it in something that won’t be wiped on a reboot).

Documentation:

# Maintain a record of client <-> virtual IP address
# associations in this file.  If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.

Example (from an openvpn config file, not the one used normally by TurrisOS):

ifconfig-pool-persist ipp.txt

Stybyk · May 16, 2017, 9:08pm

Hi again,
From begining it look´s great and easy, but there is little problem. It does not work as it should work.

For example, i created manualy in ‘/etc/openvpn/ipp.txt’ 3 profiles according to my profiles created in foris.

Phone, 192.168.100.10
Work,192.168.100.20
NTB,192.168.100.30

But when i restart service it replace my address to another addresses alone.
Phone,192.168.100.4
Work,192.168.100.8

But when i connect to VPN with mobile assigned completely different addresses
192.168.100.6

That address is same as in routing table in log ‘/tmp/openvpn-status.log’

Openvpn config file generated automaticaly by foris script + my small addition of DNS.

config openvpn 'server_turris’
option enabled '1’
option port '1194’
option proto 'udp’
option dev 'tun_turris’
option ca '/etc/ssl/ca/openvpn/ca.crt’
option crl_verify '/etc/ssl/ca/openvpn/ca.crl’
option cert '/etc/ssl/ca/openvpn/01.crt’
option key '/etc/ssl/ca/openvpn/01.key’
option dh '/etc/dhparam/dh-default.pem’
option server '192.168.100.0 255.255.255.0’
option ifconfig_pool_persist '/etc/openvpn/ipp.txt’
option duplicate_cn '0’
option keepalive '10 120’
option comp_lzo 'yes’
option persist_key '1’
option persist_tun '1’
option status '/tmp/openvpn-status.log’
option verb '3’
option mute '20’
list push 'route 192.168.10.0 255.255.255.0’
list push ‘dhcp-option DNS 192.168.10.200’

Can anyone explain me why this is happening ?

tobolrom · May 17, 2017, 10:26am

I’am using CCD in OpenVPN and works great for me:

See topic Configuring client-specific rules and access policies on https://openvpn.net/index.php/open-source/documentation/howto.html