Using ifconfig-pool in client-config-dir

This is where we can discuss what we would like to see added or changed in OpenVPN.
Post Reply
andre.esser
OpenVpn Newbie
Posts: 2
Joined: Thu Mar 07, 2019 3:17 pm

Using ifconfig-pool in client-config-dir

Post by andre.esser » Thu Mar 07, 2019 3:36 pm

Hi,

My users connect to the same OpenVPN server and have the same client OpenVPN configuration (authentication through common client cert plus individual login/password through openvpn-plugin-auth-pam.so). I now have to implement access restrictions based on their logins. I've been testing the client-config-dir feature with username-as-common-name and statis IPs as described in https://openvpn.net/community-resources ... s-policies, and this all works very well.

However for hundreds of users the manual assignment of IPs gets very tedious. So I've tried to create a small number of 'access-class' files in the client-config-dir, containing ifconfig-pool settings for the respective subnets. Then I would only have to create appropriate symlinks for my users to those 'access-class' files and wouldn't have to worry about individual IPs any more. Unfortunately OpenVPN doesn't see it that way, and I get this error:

"Options error: option 'ifconfig-pool' cannot be used in this context (/etc/openvpn/ccd/andre.esser)"

Do any of you know whether what I'm trying to do is possible at all?

Many thanks,

Andre

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5786
Joined: Fri Jun 03, 2016 1:17 pm

Re: Using ifconfig-pool in client-config-dir

Post by TinCanTech » Thu Mar 07, 2019 4:05 pm

This certainly is not possible with current openvpn.

You could make a feature request here:
https://community.openvpn.net/openvpn/newticket

Select: Type Feature Wish

Also, I am not confident that the openvpn article you read is accurate, I would need to test it.

Edit: Double checked with the Devs, the article is quirky but will work.

andre.esser
OpenVpn Newbie
Posts: 2
Joined: Thu Mar 07, 2019 3:17 pm

Re: Using ifconfig-pool in client-config-dir

Post by andre.esser » Thu Mar 21, 2019 11:11 am

Thank you TinCanTech, created as

https://community.openvpn.net/openvpn/ticket/1173

Andre

SofianeLandez
OpenVpn Newbie
Posts: 4
Joined: Thu Mar 28, 2019 8:22 am

Re: Using ifconfig-pool in client-config-dir

Post by SofianeLandez » Thu Mar 28, 2019 8:26 am

Good to know! Thanks for the informations

Post Reply