Massimo Marchi Home page

OpenVPN 2.1: Fix Client IP

I have a mixed set of ovpn clients, Windows and Linux. I use certs and a simple CA for authentication and I locked the access by the directive ccd-exclusive. Each authorized cert have an empty file, named as the CN, into the client-config-dir directory.

My original setting, before fixing, was:


...

dev tun1

...

server 10.8.0.1 255.255.255.0



ifconfig-pool-persist /var/run/openvpn/ipp.txt

client-config-dir /etc/openvpn/ccd

ccd-exclusive

...

I wanted a pool from .128 to .254 for free client and a bit of space for the p2p nets of the fixed clients. Thus I expanded the macro server and I made some changes like as follows:


...

dev tun1

...

mode server

tls-server

topology net30

push "topology net30"

ifconfig 10.8.0.1 10.8.0.2

ifconfig-pool 10.8.0.128 10.8.0.254

route 10.8.0.0 255.255.255.0

push "route 10.8.0.0 255.255.255.0"



ifconfig-pool-persist /var/run/openvpn/ipp.txt

client-config-dir /etc/openvpn/ccd

ccd-exclusive

...

I changed also the empty file for the fixed client adding a line like this:


ifconfig-push 10.8.0.5 10.8.0.6

The first IP was taken by client and the other is its gateway (note that each client have its own /30 net).

[Back to Index]

Massimo Marchi Home Page

OpenVPN 2.1: Fix Client IP