Page 1 of 1
Set client IP address via post-auth or client-connect script
Posted: Fri Aug 02, 2019 7:14 pm
by alfredballe
Is it possible with OpenVPN 2.4 to set a clients IP address from the 10.8.0.0/24 subnet via a post-auth or client-connect script in Python?
I haven't been able to find any specific information on this.
Re: Set client IP address via post-auth or client-connect script
Posted: Mon Aug 05, 2019 6:55 pm
by alfredballe
It seems there's mentioned example script in
https://openvpn.net/vpn-server-resource ... -examples/, but I do not have /usr/local/openvpn_as/doc/post_auth it seems?
Re: Set client IP address via post-auth or client-connect script
Posted: Mon Aug 05, 2019 10:20 pm
by TinCanTech
That is OpenVPN Access Server documentation.
Try the open source stuff on the wiki.
https://community.openvpn.net/openvpn/wiki/TitleIndex
Re: Set client IP address via post-auth or client-connect script
Posted: Fri Aug 09, 2019 6:38 am
by alfredballe
Ok, I've added in server.conf:
client-connect /etc/openvpn/client-connect.py
And my client-connect.py is as follows:
Code: Select all
import os
import sys
if [os.environ['username'] == 'alfred':
print('ifconfig-push 10.8.0.11 255.255.255.0')
sys.exit(0)
sys.exit(1)
I see no errors in syslog, but IP address is not assigned.
Re: Set client IP address via post-auth or client-connect script
Posted: Fri Aug 09, 2019 7:26 am
by alfredballe
Changed to:
Code: Select all
with open(sys.argv[1], "a") as tmpfile:
tmpfile('ifconfig-push 10.8.0.11 255.255.255.0')
Now I'm getting, from the client not the server, error:
Code: Select all
"TUN setup failed: tun_prop_error: ifconfig addresses are not in the same /30 subnet'
My server.conf has:
Code: Select all
...
server 10.8.0.0 255.255.255.0
...
push "route 100.100.0.0 255.192.0.0"
...
Re: Set client IP address via post-auth or client-connect script
Posted: Fri Aug 09, 2019 8:11 am
by alfredballe
It seems to work with the following addons:
In server.conf
In client-connect
Code: Select all
with open(sys.argv[1], "a") as tmpfile:
tmpfile('ifconfig-push 10.8.0.11 255.255.255.252')
Does that seem correct, just to make sure things are configured correctly?
Re: Set client IP address via post-auth or client-connect script
Posted: Fri Aug 09, 2019 11:57 am
by TinCanTech
--topology subnet uses a /24 subnet not /30 as you have chosen above.
Re: Set client IP address via post-auth or client-connect script
Posted: Sat Aug 10, 2019 7:18 am
by alfredballe
Ok, so I should either change:
Code: Select all
with open(sys.argv[1], "a") as tmpfile:
tmpfile('ifconfig-push 10.8.0.11 255.255.255.252')
To match subnet /24 or or remove below to match /30
Is that correct? Even though it seems to work this way?