Set client IP address via post-auth or client-connect script

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
alfredballe
OpenVpn Newbie
Posts: 14
Joined: Thu Jul 25, 2019 7:14 pm

Set client IP address via post-auth or client-connect script

Post by alfredballe » Fri Aug 02, 2019 7:14 pm

Is it possible with OpenVPN 2.4 to set a clients IP address from the 10.8.0.0/24 subnet via a post-auth or client-connect script in Python?

I haven't been able to find any specific information on this.

alfredballe
OpenVpn Newbie
Posts: 14
Joined: Thu Jul 25, 2019 7:14 pm

Re: Set client IP address via post-auth or client-connect script

Post by alfredballe » Mon Aug 05, 2019 6:55 pm

It seems there's mentioned example script in https://openvpn.net/vpn-server-resource ... -examples/, but I do not have /usr/local/openvpn_as/doc/post_auth it seems?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Set client IP address via post-auth or client-connect script

Post by TinCanTech » Mon Aug 05, 2019 10:20 pm

That is OpenVPN Access Server documentation.

Try the open source stuff on the wiki.
https://community.openvpn.net/openvpn/wiki/TitleIndex

alfredballe
OpenVpn Newbie
Posts: 14
Joined: Thu Jul 25, 2019 7:14 pm

Re: Set client IP address via post-auth or client-connect script

Post by alfredballe » Fri Aug 09, 2019 6:38 am

Ok, I've added in server.conf:
client-connect /etc/openvpn/client-connect.py

And my client-connect.py is as follows:

Code: Select all

import os
import sys

if [os.environ['username'] == 'alfred':
    print('ifconfig-push 10.8.0.11 255.255.255.0')
    sys.exit(0)

sys.exit(1)
I see no errors in syslog, but IP address is not assigned.

alfredballe
OpenVpn Newbie
Posts: 14
Joined: Thu Jul 25, 2019 7:14 pm

Re: Set client IP address via post-auth or client-connect script

Post by alfredballe » Fri Aug 09, 2019 7:26 am

Changed to:

Code: Select all

with open(sys.argv[1], "a") as tmpfile:
    tmpfile('ifconfig-push 10.8.0.11 255.255.255.0')
Now I'm getting, from the client not the server, error:

Code: Select all

"TUN setup failed: tun_prop_error: ifconfig addresses are not in the same /30 subnet'
My server.conf has:

Code: Select all

...
server 10.8.0.0 255.255.255.0
...
push "route 100.100.0.0 255.192.0.0"
...

alfredballe
OpenVpn Newbie
Posts: 14
Joined: Thu Jul 25, 2019 7:14 pm

Re: Set client IP address via post-auth or client-connect script

Post by alfredballe » Fri Aug 09, 2019 8:11 am

It seems to work with the following addons:

In server.conf

Code: Select all

topology subnet
In client-connect

Code: Select all

with open(sys.argv[1], "a") as tmpfile:
    tmpfile('ifconfig-push 10.8.0.11 255.255.255.252')
Does that seem correct, just to make sure things are configured correctly?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Set client IP address via post-auth or client-connect script

Post by TinCanTech » Fri Aug 09, 2019 11:57 am

--topology subnet uses a /24 subnet not /30 as you have chosen above.

alfredballe
OpenVpn Newbie
Posts: 14
Joined: Thu Jul 25, 2019 7:14 pm

Re: Set client IP address via post-auth or client-connect script

Post by alfredballe » Sat Aug 10, 2019 7:18 am

Ok, so I should either change:

Code: Select all

with open(sys.argv[1], "a") as tmpfile:
    tmpfile('ifconfig-push 10.8.0.11 255.255.255.252')
To match subnet /24 or or remove below to match /30

Code: Select all

topology subnet
Is that correct? Even though it seems to work this way?

Post Reply