Static Client IP's and CCD queries

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
nickh
OpenVPN User
Posts: 20
Joined: Sun Mar 02, 2014 1:25 pm

Static Client IP's and CCD queries

Post by nickh » Mon Jul 22, 2019 8:00 am

I am looking to try to set up some fixed IP's on my system and I understand I can use a ccd folder and files in it from such a purpose, but I am concerned about potential clashes with clients without fixed IP and I am hoping I can get some answers to some questions.

If you are using ifconfig-pool-persist (e.g ipp.txt) to track connections, it looks like the use of a ccd file overrules the ipp.txt. As an example, if Fred was connected with a dynamically allocated IP of 172.17.3.22 (so 172.17.3.20 in the ipp.txt file), if Joe had a ccd file with "ifconfig-push 172.17.3.22 172.17.3.21" in it and then connected, Joe will end up with the same IP as Fred. This is clearly bad news (Fred loses his connection and the server can't ping either client).

For this reason, it looks like it is only safe to allocate a fixed IP to a user once a user has an entry in the ipp.txt file. Unfortunately the file is only written to when OpenVPN terminates. Is there any way of forcing it to write to the file while it is running?

When a new user comes along who has never connected before, does OpenVPN scan both the ipp.txt (or its internal table if it has not flushed it to file) and the ccd files to determine the next available IP, or does it just use its ipp.txt/internal table to determine the next available IP?

If you use a ccd file, and connect, does the IP address ever get written to the ipp.txt file? In my testing I never saw that it did but I may have missed something.

nickh
OpenVPN User
Posts: 20
Joined: Sun Mar 02, 2014 1:25 pm

Re: Static Client IP's and CCD queries

Post by nickh » Sun Jul 28, 2019 1:12 pm

Bump. Anyone, please?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5873
Joined: Fri Jun 03, 2016 1:17 pm

Re: Static Client IP's and CCD queries

Post by TinCanTech » Sun Jul 28, 2019 2:06 pm

There is a some what convoluted example here:
https://community.openvpn.net/openvpn/w ... sspolicies

nickh
OpenVPN User
Posts: 20
Joined: Sun Mar 02, 2014 1:25 pm

Re: Static Client IP's and CCD queries

Post by nickh » Mon Jul 29, 2019 11:50 am

@TinCanTech,
Thanks for that. I think I'd bumped into it before but not realised the significance. It looks like the key thing is to keep static IP's and the OpenVPN "dynamic IP's" (i.e. those that end up in ipp.txt) on different subnets by adding extra routes to the clients.conf for the static IPs, e.g:

Code: Select all

route 10.8.1.0 255.255.255.0
Then allocate the static IP's from within this subnet.

Post Reply