Global dynamic IP address network VS group specific settings
Posted: Tue Jan 26, 2021 10:53 am
Hello,
I have a question for those familiar with OpenVPN networking configs. I am a bit worried if the configuration I want to implement will not cause IP address conflicts. I have the following scenario:
1. Currently I have no groups on the Access Server (v2.8.6).
2. I have a Dynamic IP Address Network configured on Access Server - Configuration - VPN Settings with a /20 subnet. The "Static IP Address Network (Optional)" and "Group Default IP Address Network (Optional)" are left blank on this page.
3. I want to create a group (the purpose of this group is to introduce Client Scripting) and assign users to it. I don't necessarily care about the group IP addressing however it seems I must specify it (as indicated by the error below). What I did so far was to create the group Access Server - USER MANAGEMENT - Group Permissions - New Group without specifying any VPN IP Addresses. I've assigned a user to that group to test it and got the following error on logon:
group assignment failed: referenced group u'XXXXXXXXXXXX' either does not exist or does not define group_subnets: omi/auth:618, internet/defer:1418, sagent/usersvc:1379, sagent/usersvc:642, sagent/usersvc:149, sagent/usersvc:276, sagent/usersvc:262, sagent/usersvc:229 (pyovpn.sagent.usersvc.GroupError)
4. I plan to assign a "Dynamic subnet ranges for this group" that is exactly the same as the global one from point nr 2 (the /20 subnet) as I don't really want to get into any subnetting / routing configurations down the road.
My concern is that if I have the same range specified in Global configuration and in Group specific configuration I can end up with Access Server assigning the same IP to 2 different clients. I imagine this could happen when I have some users in the group (those would use group specific IP assignment) and some without group membership (those would use the global settings) but perhaps this isn't anything to worry about as the Access Server has some built in mechanism to prevent this.
Any help would be appreciated.
Many Thanks.
I have a question for those familiar with OpenVPN networking configs. I am a bit worried if the configuration I want to implement will not cause IP address conflicts. I have the following scenario:
1. Currently I have no groups on the Access Server (v2.8.6).
2. I have a Dynamic IP Address Network configured on Access Server - Configuration - VPN Settings with a /20 subnet. The "Static IP Address Network (Optional)" and "Group Default IP Address Network (Optional)" are left blank on this page.
3. I want to create a group (the purpose of this group is to introduce Client Scripting) and assign users to it. I don't necessarily care about the group IP addressing however it seems I must specify it (as indicated by the error below). What I did so far was to create the group Access Server - USER MANAGEMENT - Group Permissions - New Group without specifying any VPN IP Addresses. I've assigned a user to that group to test it and got the following error on logon:
group assignment failed: referenced group u'XXXXXXXXXXXX' either does not exist or does not define group_subnets: omi/auth:618, internet/defer:1418, sagent/usersvc:1379, sagent/usersvc:642, sagent/usersvc:149, sagent/usersvc:276, sagent/usersvc:262, sagent/usersvc:229 (pyovpn.sagent.usersvc.GroupError)
4. I plan to assign a "Dynamic subnet ranges for this group" that is exactly the same as the global one from point nr 2 (the /20 subnet) as I don't really want to get into any subnetting / routing configurations down the road.
My concern is that if I have the same range specified in Global configuration and in Group specific configuration I can end up with Access Server assigning the same IP to 2 different clients. I imagine this could happen when I have some users in the group (those would use group specific IP assignment) and some without group membership (those would use the global settings) but perhaps this isn't anything to worry about as the Access Server has some built in mechanism to prevent this.
Any help would be appreciated.
Many Thanks.