Openvpn - edit configuration file

jantrasak · April 29, 2023, 10:21am

Hello,

I would like use openvpn and have clients with static IP address.
It works well when I add line to config file
client config-dir ‘/etc/openvpn/ccd’
after changing config file /etc/config/openvpn
it is not possible create and download client configuration file from reForis anymore (Došlo k chybě při získávání dat.)
I am able do it again when I return /etc/config/openvpn file from backup
solution can be create and download all clients, it is working fine
when I would like add new opevpn client, I can replace config file /etc/config/openvpn from backup, create new client and edit config file again
is there any better solution?

hagrid · April 29, 2023, 1:18pm

Please paste here the contents of /etc/config/openvpn with the changes you have made.

jantrasak · April 29, 2023, 4:35pm

for example this:
without 0 at the end it is ok, with 0 it is wrong
option ifconfig_pool_persist ‘/etc/openvpn/ipp.txt’ 0

config openvpn ‘server_turris’
option enabled ‘1’
option port ‘1194’
option proto ‘udp’
option dev ‘tun_turris’
option ca ‘/etc/ssl/ca/openvpn/ca.crt’
option crl_verify ‘/etc/ssl/ca/openvpn/ca.crl’
option cert ‘/etc/ssl/ca/openvpn/01.crt’
option key ‘/etc/ssl/ca/openvpn/01.key’
option dh ‘/etc/ssl/ca/openvpn/dhparam.pem’
option server ‘10.8.0.0 255.255.255.0’
option ifconfig_pool_persist ‘/etc/openvpn/ipp.txt’ 0
option duplicate_cn ‘0’
option keepalive ‘10 120’
option persist_key ‘1’
option persist_tun ‘1’
option status ‘/tmp/openvpn-status.log’
option verb ‘3’
option mute ‘20’
option topology ‘subnet’
list push ‘route 192.168.1.0 255.255.255.0’

tried also add
ifconfig-pool-persist-expire 0
or

client-config-dir ‘/etc/openvpn/ccd’

hagrid · April 29, 2023, 4:38pm

Why do you add the 0 at the end?

jantrasak · April 29, 2023, 4:43pm

To force manual IP assignment

jantrasak · April 29, 2023, 4:48pm

config openvpn ‘server_turris’
option enabled ‘1’
option port ‘1194’
option proto ‘udp’
option dev ‘tun_turris’
option ca ‘/etc/ssl/ca/openvpn/ca.crt’
option crl_verify ‘/etc/ssl/ca/openvpn/ca.crl’
option cert ‘/etc/ssl/ca/openvpn/01.crt’
option key ‘/etc/ssl/ca/openvpn/01.key’
option dh ‘/etc/ssl/ca/openvpn/dhparam.pem’
option server ‘10.8.0.0 255.255.255.0’
option ifconfig_pool_persist ‘/etc/openvpn/ipp.txt’
option client-config-dir ‘/etc/openvpn/ccd’
option duplicate_cn ‘0’
option keepalive ‘10 120’
option persist_key ‘1’
option persist_tun ‘1’
option status ‘/tmp/openvpn-status.log’
option verb ‘3’
option mute ‘20’
option topology ‘subnet’
list push ‘route 192.168.1.0 255.255.255.0’

hagrid · April 30, 2023, 12:24am

Please specify the version of Turris OS you use.

jantrasak · April 30, 2023, 5:54am

hagrid · April 30, 2023, 1:04pm

I see the syntax error of that line. Change it to
option client_config_dir ‘/etc/openvpn/ccd’

jantrasak · May 5, 2023, 9:09pm

solved, this works
option client_config_dir ‘/etc/openvpn/ccd’
thank you

AreYouLoco · May 6, 2023, 11:32am

@jantrasak mark the topic as solved