Was wondering if there is another method/mechanism that can assist with associating IPs with users so that they get the same IP in most cases... Obviously, when a second connection is made with the same username it would need to get a different IP, but we're trying to ensure that the first/main connection gets the same IP each time.
Here is our server config:
local 10.xxx.yyy.zzz
port 1194
proto udp
dev tun0
ca ca.crt
cert vpn.crt
key vpn.key
dh dh2048.pem
keepalive 10 120
comp-lzo
persist-key
persist-tun
client-cert-not-required
username-as-common-name
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
status openvpn-udp_status.log
log-append openvpn-udp.log
verb 4
script-security 2
client-to-client
duplicate-cn
fragment 1300
mssfix
reneg-sec 0
cipher AES-256-CBC
auth SHA256
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
tls-version-min 1.2
topology subnet
ifconfig 172.xxx.yyy.2 172.xxx.yyy.3
ifconfig-pool 10.xxx.yyy.5 10.xxx.yyy.55
route 10.xxx.yyy.0 255.255.255.0
mode server
tls-server
push "route 10.0.0.0 255.0.0.0"
push "dhcp-option DNS 10.xxx.yyy.53"
client-connect /etc/openvpn/master.sh
client-disconnect /etc/openvpn/master.sh
user nobody
group nobody
inactive 900
The master.sh is designed to use env "script_type" to know if it's connect or disconnect, and does a few things needed for proxy-arp and dns entries.
Everything in regards to OpenVPN is working great, just trying to figure out if there is a way to ensure that the first connection for a username uses the same IP address each time.
Thanks in advance!
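As an added example (not part of the original post and not the poster's master.sh): a client-connect hook that dispatches on script_type, as described above, and writes an `ifconfig-push` line into the temporary config file OpenVPN passes as the hook's last argument, but only when the username's reserved address is not already listed in the status file. The map file, its "username ip" format, the default paths and the sample addresses are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not the poster's master.sh. Paths and map format are assumptions.
MAP=${STATIC_MAP:-/etc/openvpn/static-ips.map}   # hypothetical file: "username ip" per line
STATUS=${STATUS_FILE:-/etc/openvpn/openvpn-udp_status.log}   # assumed status file location
NETMASK=${STATIC_NETMASK:-255.255.255.0}         # topology subnet: ifconfig-push <ip> <netmask>

# Print the reserved IP for a username; exit non-zero if there is none.
# The username is client-supplied (username-as-common-name), so it is handed
# to awk through the environment and compared as a literal string, never
# interpolated into a pattern or a command line.
lookup_static_ip() {
    U="$1" awk '($1 "") == (ENVIRON["U"] "") { print $2; found = 1; exit }
                END { exit !found }' "$2"
}

# Succeed if the status file's routing table lists the IP as a virtual address.
ip_in_use() {
    [ -r "$2" ] || return 1
    awk -F, -v ip="$1" '($1 "") == (ip "") { found = 1 } END { exit !found }' "$2"
}

# Args: username, dynamic config file, map file, status file, netmask.
# Always returns 0: a non-zero exit from client-connect would reject the client.
on_connect() {
    ip=$(lookup_static_ip "$1" "$3") || return 0      # no reservation: pool assigns
    if ip_in_use "$ip" "$4"; then return 0; fi         # second session: pool assigns
    printf 'ifconfig-push %s %s\n' "$ip" "$5" >> "$2"
}

case "${script_type:-}" in
    client-connect)    on_connect "${common_name:-}" "$1" "$MAP" "$STATUS" "$NETMASK" ;;
    client-disconnect) : ;;   # existing proxy-arp / DNS cleanup would go here
esac
```

Reserved addresses should sit outside the `ifconfig-pool` range so the pool never hands one to another user. The status file is only rewritten periodically, so the in-use check can lag behind a connection that was just made.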