I am looking to try to set up some fixed IP's on my system and I understand I can use a ccd folder and files in it from such a purpose, but I am concerned about potential clashes with clients without fixed IP and I am hoping I can get some answers to some questions.
If you are using ifconfig-pool-persist (e.g ipp.txt) to track connections, it looks like the use of a ccd file overrules the ipp.txt. As an example, if Fred was connected with a dynamically allocated IP of 172.17.3.22 (so 172.17.3.20 in the ipp.txt file), if Joe had a ccd file with "ifconfig-push 172.17.3.22 172.17.3.21" in it and then connected, Joe will end up with the same IP as Fred. This is clearly bad news (Fred loses his connection and the server can't ping either client).
For this reason, it looks like it is only safe to allocate a fixed IP to a user once a user has an entry in the ipp.txt file. Unfortunately the file is only written to when OpenVPN terminates. Is there any way of forcing it to write to the file while it is running?
When a new user comes along who has never connected before, does OpenVPN scan both the ipp.txt (or its internal table if it has not flushed it to file) and the ccd files to determine the next available IP, or does it just use its ipp.txt/internal table to determine the next available IP?
If you use a ccd file, and connect, does the IP address ever get written to the ipp.txt file? In my testing I never saw that it did but I may have missed something.
Static Client IP's and CCD queries
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
nickh
- OpenVPN User
- Posts: 22
- Joined: Sun Mar 02, 2014 1:25 pm
-
nickh
- OpenVPN User
- Posts: 22
- Joined: Sun Mar 02, 2014 1:25 pm
Re: Static Client IP's and CCD queries
Bump. Anyone, please?
-
TinCanTech
- OpenVPN Protagonist
- Posts: 7835
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Static Client IP's and CCD queries
There is a some what convoluted example here:
https://community.openvpn.net/openvpn/w ... sspolicies
https://community.openvpn.net/openvpn/w ... sspolicies
-
nickh
- OpenVPN User
- Posts: 22
- Joined: Sun Mar 02, 2014 1:25 pm
Re: Static Client IP's and CCD queries
@TinCanTech,
Thanks for that. I think I'd bumped into it before but not realised the significance. It looks like the key thing is to keep static IP's and the OpenVPN "dynamic IP's" (i.e. those that end up in ipp.txt) on different subnets by adding extra routes to the clients.conf for the static IPs, e.g:Then allocate the static IP's from within this subnet.
Thanks for that. I think I'd bumped into it before but not realised the significance. It looks like the key thing is to keep static IP's and the OpenVPN "dynamic IP's" (i.e. those that end up in ipp.txt) on different subnets by adding extra routes to the clients.conf for the static IPs, e.g:
Code: Select all
route 10.8.1.0 255.255.255.0