Set client IP address via post-auth or client-connect script
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 14
- Joined: Thu Jul 25, 2019 7:14 pm
Set client IP address via post-auth or client-connect script
Is it possible with OpenVPN 2.4 to set a clients IP address from the 10.8.0.0/24 subnet via a post-auth or client-connect script in Python?
I haven't been able to find any specific information on this.
I haven't been able to find any specific information on this.
-
- OpenVpn Newbie
- Posts: 14
- Joined: Thu Jul 25, 2019 7:14 pm
Re: Set client IP address via post-auth or client-connect script
It seems there's mentioned example script in https://openvpn.net/vpn-server-resource ... -examples/, but I do not have /usr/local/openvpn_as/doc/post_auth it seems?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Set client IP address via post-auth or client-connect script
That is OpenVPN Access Server documentation.
Try the open source stuff on the wiki.
https://community.openvpn.net/openvpn/wiki/TitleIndex
Try the open source stuff on the wiki.
https://community.openvpn.net/openvpn/wiki/TitleIndex
-
- OpenVpn Newbie
- Posts: 14
- Joined: Thu Jul 25, 2019 7:14 pm
Re: Set client IP address via post-auth or client-connect script
Ok, I've added in server.conf:
client-connect /etc/openvpn/client-connect.py
And my client-connect.py is as follows:
I see no errors in syslog, but IP address is not assigned.
client-connect /etc/openvpn/client-connect.py
And my client-connect.py is as follows:
Code: Select all
import os
import sys
if [os.environ['username'] == 'alfred':
print('ifconfig-push 10.8.0.11 255.255.255.0')
sys.exit(0)
sys.exit(1)
-
- OpenVpn Newbie
- Posts: 14
- Joined: Thu Jul 25, 2019 7:14 pm
Re: Set client IP address via post-auth or client-connect script
Changed to:
Now I'm getting, from the client not the server, error:
My server.conf has:
Code: Select all
with open(sys.argv[1], "a") as tmpfile:
tmpfile('ifconfig-push 10.8.0.11 255.255.255.0')
Code: Select all
"TUN setup failed: tun_prop_error: ifconfig addresses are not in the same /30 subnet'
Code: Select all
...
server 10.8.0.0 255.255.255.0
...
push "route 100.100.0.0 255.192.0.0"
...
-
- OpenVpn Newbie
- Posts: 14
- Joined: Thu Jul 25, 2019 7:14 pm
Re: Set client IP address via post-auth or client-connect script
It seems to work with the following addons:
In server.conf
In client-connect
Does that seem correct, just to make sure things are configured correctly?
In server.conf
Code: Select all
topology subnet
Code: Select all
with open(sys.argv[1], "a") as tmpfile:
tmpfile('ifconfig-push 10.8.0.11 255.255.255.252')
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Set client IP address via post-auth or client-connect script
--topology subnet uses a /24 subnet not /30 as you have chosen above.
-
- OpenVpn Newbie
- Posts: 14
- Joined: Thu Jul 25, 2019 7:14 pm
Re: Set client IP address via post-auth or client-connect script
Ok, so I should either change:
To match subnet /24 or or remove below to match /30
Is that correct? Even though it seems to work this way?
Code: Select all
with open(sys.argv[1], "a") as tmpfile:
tmpfile('ifconfig-push 10.8.0.11 255.255.255.252')
Code: Select all
topology subnet