OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

Using dynamic public IP addresses for clients

https://forums.openvpn.net/viewtopic.php?t=7084

Page 1 of 1

Using dynamic public IP addresses for clients

Posted: Fri Sep 10, 2010 1:49 am
by mindframe
Hello all,

I am interested if the community version of OpenVPN supports having publicly routed dynamic (or static) IP pools? I'm not using my VPN server for corporate remote access, more of an internet gateway. I would like to have each client's IP address be fully routed and not firewalled.

I would imagine all that would need to be done is prevent any NAT'ing and just route all the traffic to the default gateway?

Here's a setup I have in mind:

VPN Server Pool: 50.50.196.64/28
1. Mangement Interface (clients connect here): 50.50.196.66
2. Dynamic Pool: 50.50.196.67-78

I would like to assign all clients to that do not have static assignments to the dynamic IP pool and route them directly to the internet via my default gateway: 50.50.196.65.

Is this possible? I'm told this feature will be available in later releases of the Access Server and currently only works in layer 2 mode on Windows clients only...

I'm not sure if a routed or bridged solution would be simpler...

If anyone could point me in the right direction or assist in some configuration commands that would be fantastic.


Thanks in advance

Re: Using dynamic public IP addresses for clients

Posted: Fri Sep 10, 2010 2:56 am
by mindframe
Forgot configs:

Server:

Code: Select all

local 50.50.196.66
dev tap0
server-bridge 50.50.196.66 255.255.240.0 50.50.196.67 50.50.196.78
push "route 50.50.196.64 255.255.240.0"
push "dhcp-option DNS 50.50.196.66"
push "dhcp-option DOMAIN ***.net"
#tls-auth ta.key 0
user nobody
group nobody
script-security 2

#certs
ca ca.crt
cert vpncon02.crt
key vpncon02.key
dh dh2048.pem
comp-lzo
Client:

Code: Select all

client

dev tap
;dev tun

proto udp

# The hostname/IP and port of the server.
remote 50.50.196.66 1194

# Choose a random host from the remote
remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
resolv-retry infinite

nobind
user nobody
group nobody

persist-key
persist-tun


# SSL/TLS parms.
ca keys/ca.crt
cert keys/patrick.crt
key keys/patrick.key

#tls-auth ta.key 1

# Select a cryptographic cipher.
;cipher x

comp-lzo
verb 3
# Silence repeating messages
;mute 20
After the client connects successfully I can't ping anything. Iptables is not configured on the machine and is default (Allow).
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/