[SOLVED] Routing all traffic breaks when ccd used to statically define IPs
Posted: Sat Oct 13, 2018 10:08 am
Goal:
- client <-> OpenVPN <-> Internet
- Define IPs statically
- Modify IP assignments without restarting OpenVPN
Current State:
My current configuration allows clients to connect, get a dynamically assigned IP from the "server" pool, and all traffic is tunneled through the VPN (besides RFC1918 space). This is perfect aside from the dynamically assigned IP.
What I've tried:
- Using the server's ifconfig-pool-persist option I can specify common name to IP mappings. However, this seems to require a full service restart to pick up changes. Is there some other way to pick up changes here besides a service restart? Restart is impractical as it causes currently connected clients to stall / lose connection.
- Using client-config-dir option and specifying in each client's ccd file "ifconfig-push client_ip 255.255.255.255" I can correctly assign specific clients the correct IP. However, when I do this, clients no longer tunnel traffic through the VPN! Why?
- Have yet to try client-connect script but I do expect this to behave the same as option (2) above.
Server Config
...
dev tun
client-config-dir /etc/openvpn/ccd
topology subnet
server 10.5.0.0 255.255.0.0
ifconfig-pool-persist pool.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
keepalive 10 120
persist-key
persist-tun
...
CCD Contents
ifconfig-push 10.5.0.1 255.255.255.255
Client Config
client
dev tun
proto udp
remote server_ip port
resolv-retry infinite
nobind
persist-key
persist-tun
route 10.0.0.0 255.0.0.0 net_gateway
route 127.0.0.0 255.0.0.0 net_gateway
route 172.16.0.0 255.240.0.0 net_gateway
route 192.168.0.0 255.255.0.0 net_gateway
route 224.0.0.0 255.255.255.0 net_gateway
Thanks much!
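
An added example, not part of the original post: a small lint for ccd files under the configuration quoted above. It relies on documented OpenVPN behaviour: in topology subnet, ifconfig-push takes the client address followed by the subnet netmask, and the server directive takes the first address of the pool for the server itself. The function names and the sample strings are assumptions made for this example.

```python
import ipaddress

# Constructed sample input: the server directives and ccd line quoted in the post.
SERVER_CONF = """\
dev tun
topology subnet
server 10.5.0.0 255.255.0.0
"""
CCD_FROM_POST = "ifconfig-push 10.5.0.1 255.255.255.255"


def parse_server(conf):
    """Return (topology, vpn_network) read from server config text."""
    topology, network = None, None
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 2 and words[0] == "topology":
            topology = words[1]
        elif len(words) >= 3 and words[0] == "server":
            network = ipaddress.ip_network(f"{words[1]}/{words[2]}")
    return topology, network


def check_ccd(ccd_text, server_conf):
    """Return a list of problems found in ifconfig-push lines (topology subnet)."""
    topology, net = parse_server(server_conf)
    if topology != "subnet" or net is None:
        return ["check only covers 'topology subnet' with a 'server' directive"]
    problems = []
    server_ip = net.network_address + 1  # address the server takes for itself
    for line in ccd_text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) < 3 or words[0] != "ifconfig-push":
            continue
        addr = ipaddress.ip_address(words[1])
        mask = ipaddress.ip_address(words[2])
        if mask != net.netmask:
            problems.append(f"{addr}: netmask {mask} differs from server netmask {net.netmask}")
        if addr not in net:
            problems.append(f"{addr}: outside {net}")
        elif addr in (net.network_address, server_ip, net.broadcast_address):
            problems.append(f"{addr}: reserved (network, server or broadcast address)")
    return problems


if __name__ == "__main__":
    for p in check_ccd(CCD_FROM_POST, SERVER_CONF):
        print("WARN", p)
```

Run against the ccd line from the post, it reports both the /32 netmask and the use of the server's own address; a line such as `ifconfig-push 10.5.0.10 255.255.0.0` passes.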