Page 1 of 1

Double IP inside ipp.txt

Posted: Mon Jan 06, 2020 10:30 am
by sylvester
Hi,

We are running a OpenVPN 2.3.10 some hosts are double inside the ipp.txt.

Server.cfg
port 20000
proto udp
dev tun

status /var/log/openvpn-status.log

management localhost 7505

ca /etc/openvpn/cert/ca.crt
cert /etc/openvpn/cert/VPN001.crt
key /etc/openvpn/cert/VPN001.key
dh /etc/openvpn/cert/dh1024.pem

client-config-dir /etc/openvpn/ClientConfig

server 172.30.0.0 255.255.240.0
push "route 172.30.0.1 255.255.240.0"

ifconfig-pool-persist ipp.txt 600

max-clients 2000
keepalive 10 120

#comp-lzo

topology subnet

persist-key
persist-tun

verb 3
#client-to-client


Can somebody please explain how we can solve this issue?

Re: Double IP inside ipp.txt

Posted: Mon Jan 06, 2020 7:27 pm
by Pippin
Update your server.....

You're using ccd to assign IP based on common name of clients?
All of them or some?

Please read --ifconfig-pool-persist file [seconds] in the manual 2.3:
https://community.openvpn.net/openvpn/w ... n23ManPage

Re: Double IP inside ipp.txt

Posted: Mon Jan 06, 2020 8:45 pm
by sylvester
On client name who are unique for every server.

Re: Double IP inside ipp.txt

Posted: Mon Jan 06, 2020 9:17 pm
by Pippin
Pippin wrote:
Mon Jan 06, 2020 7:27 pm
Update your server.....
...
All of them or some?

Re: Double IP inside ipp.txt

Posted: Mon Jan 06, 2020 9:29 pm
by TinCanTech
1.
sylvester wrote:
Mon Jan 06, 2020 10:30 am
We are running a OpenVPN 2.3.10
Pippin wrote:
Mon Jan 06, 2020 7:27 pm
Update your server.....
You should really upgrade to 2.4

2.
sylvester wrote:
Mon Jan 06, 2020 10:30 am
some hosts are double inside the ipp.txt
Pippin wrote:
Mon Jan 06, 2020 7:27 pm
Please read --ifconfig-pool-persist file [seconds] in the manual 2.3:
UDP is a connectionless protocol
--ifconfig-pool-persist file is updated at regular intervals, it is not a live service ..
Openvpn has super cow powers
So, it is normal for the this file to not be perfectly accurate at all times.

Re: Double IP inside ipp.txt

Posted: Mon Jul 03, 2023 1:06 pm
by Toschi
We have the server running OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] on debian server and facing still that issue of double IP assignments .

script-security 2
proto udp
dev tun0
persist-tun
server 10.10.0.0 255.255.0.0
topology subnet
ifconfig-pool-persist ipp.txt
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
data-ciphers-fallback AES-256-CBC
port 1194
keepalive 15 60
verb 3
ca auth/ca.crt
cert auth/server.crt
key auth/server.key
dh auth/server.dh
crl-verify auth/crl.pem
mssfix 1400
tls-auth auth/secret.key 0
client-config-dir ccd
verb 3

any advice is appreciated - (we need to keep it operating with the ipp.txt )
Is it possible to delete the double entries ?
Or is there a patch etc, available to avoid that issue?
Thanks in advance