Hello all,
I am interested if the community version of OpenVPN supports having publicly routed dynamic (or static) IP pools? I'm not using my VPN server for corporate remote access, more of an internet gateway. I would like to have each client's IP address be fully routed and not firewalled.
I would imagine all that would need to be done is prevent any NAT'ing and just route all the traffic to the default gateway?
Here's a setup I have in mind:
VPN Server Pool: 50.50.196.64/28
1. Management Interface (clients connect here): 50.50.196.66
2. Dynamic Pool: 50.50.196.67-78
I would like to assign all clients that do not have static assignments to the dynamic IP pool and route them directly to the internet via my default gateway: 50.50.196.65.
Is this possible? I'm told this feature will be available in later releases of the Access Server and currently only works in layer 2 mode on Windows clients only...
I'm not sure if a routed or bridged solution would be simpler...
If anyone could point me in the right direction or assist in some configuration commands that would be fantastic.
Thanks in advance
Using dynamic public IP addresses for clients
Re: Using dynamic public IP addresses for clients
Forgot configs:
After the client connects successfully I can't ping anything. Iptables is not configured on the machine and is default (Allow).
Server:
local 50.50.196.66
dev tap0
server-bridge 50.50.196.66 255.255.240.0 50.50.196.67 50.50.196.78
push "route 50.50.196.64 255.255.240.0"
push "dhcp-option DNS 50.50.196.66"
push "dhcp-option DOMAIN ***.net"
#tls-auth ta.key 0
user nobody
group nobody
script-security 2
#certs
ca ca.crt
cert vpncon02.crt
key vpncon02.key
dh dh2048.pem
comp-lzo
Client:
client
dev tap
;dev tun
proto udp
# The hostname/IP and port of the server.
remote 50.50.196.66 1194
# Choose a random host from the remote
remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
# SSL/TLS parms.
ca keys/ca.crt
cert keys/patrick.crt
key keys/patrick.key
#tls-auth ta.key 1
# Select a cryptographic cipher.
;cipher x
comp-lzo
verb 3
# Silence repeating messages
;mute 20
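
An added example, not part of the original posts: a small Python check that compares the addressing directives in the posted server config with the 50.50.196.64/28 pool and 50.50.196.65 gateway described in the first post. It only tests arithmetic consistency of the addresses and masks; the function name and the finding messages are chosen here for illustration.

```python
import ipaddress

# Values stated in the first post.
STATED_POOL = ipaddress.ip_network("50.50.196.64/28")
UPSTREAM_GW = ipaddress.ip_address("50.50.196.65")

# The two addressing directives, copied from the posted server config.
SERVER_CONF = """\
server-bridge 50.50.196.66 255.255.240.0 50.50.196.67 50.50.196.78
push "route 50.50.196.64 255.255.240.0"
"""


def check_config(conf, stated=STATED_POOL, upstream=UPSTREAM_GW):
    """Return a list of mismatches between the directives and the stated pool."""
    findings = []
    for line in conf.splitlines():
        words = line.replace('"', " ").split()
        if words[:1] == ["server-bridge"] and len(words) == 5:
            gw, mask, start, end = words[1:]
            bridged = ipaddress.ip_network(f"{gw}/{mask}", strict=False)
            if bridged != stated:
                findings.append(f"server-bridge mask {mask} gives {bridged}, not {stated}")
            first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
            if first > last or first not in stated or last not in stated:
                findings.append(f"client range {start}-{end} does not fit inside {stated}")
            # Neither the bridge address nor the upstream gateway may be handed out.
            for reserved in (ipaddress.ip_address(gw), upstream):
                if first <= reserved <= last:
                    findings.append(f"client range includes reserved address {reserved}")
        elif words[:2] == ["push", "route"] and len(words) >= 4:
            net, mask = words[2], words[3]
            try:
                # strict parsing rejects a network address with host bits set
                ipaddress.ip_network(f"{net}/{mask}")
            except ValueError:
                findings.append(f"push route {net} {mask} has host bits set")
    return findings


if __name__ == "__main__":
    for finding in check_config(SERVER_CONF):
        print(finding)
```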