IP address of offline certificates

Scripts to manage certificates or generate config files

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
dnilgreb
OpenVPN User
Posts: 21
Joined: Fri Mar 04, 2016 12:13 pm

IP address of offline certificates

Post by dnilgreb » Thu Sep 27, 2018 7:49 am

I am trying to find a way to edit firewall setting (ipfw) for certificates that are currently not connected to my OpenVPN server.
In order to do this, I need the IP addresses of said certificates.

If I have a certificate connected, I can just look in the openvpn-status.log file to get the IP address for that certificate. But this file only contains that information for certificates currently in session. So, how do I handle all the rest?
Everytime a certificate connects it gets the same IP, so I assume that the information is stored somewhere. Is it accessible somehow?

dnilgreb
OpenVPN User
Posts: 21
Joined: Fri Mar 04, 2016 12:13 pm

Re: IP address of offline certificates

Post by dnilgreb » Thu Sep 27, 2018 8:41 am

I found the ipp.txt file, which contains the names of the certificates and IP addresses. But they seem to differ from the IP a certificate gets upon connection. For instance, the certificate that connects with 10.8.0.62 has 10.8.0.60 in ipp.txt.
Why is that, and is 10.8.0.62 for this certificate stored somewhere else?

dnilgreb
OpenVPN User
Posts: 21
Joined: Fri Mar 04, 2016 12:13 pm

Re: IP address of offline certificates

Post by dnilgreb » Thu Sep 27, 2018 12:13 pm

OK, so now I´ve figured it out. The IP in ipp.txt is in fact a /30 subnet. Which means that in my example above, the certificate has 10.8.0.60/30.
So, simply look up the certificate in ipp.txt, grab the IP there, append /30, and insert that into the ipfw.
Done!

Post Reply