I have the central OpenVPN server (The server which all of the other OpenVPN servers connect) configured to negotiate with all end point via MAC address since a lot of the end points will have dynamic external addressing.
In having this configured the Master OpenVPN will assign the IP of the end point OpenVPN.
I want to be able to designate what that IP address is based on MAC address. This way the IP stays the same on the end point every time the tunnel is established.
SO
OPENVPN (Endpoint) X (x being the external facing interface) ISP Router <<<<<INT>>>>> OpenVPN (Master)
Reading through the conf file I found this
# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2
Where is the ccd directory?
How does the openvpn or where do I tell OpenVPN who or what Thelonious's MAC is?
If ccd should be in /etc/openvpn it is not there.
Configure a specific MAC Address to a designated IP Address
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 2
- Joined: Tue May 24, 2011 7:25 pm
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Configure a specific MAC Address to a designated IP Addr
the openvpn server does not know the MAC address of the clients ; in 'tap' mode it might know the mac address of the client 'tap' adapter but this is a random address. In 'tun' mode the MAC address of the client is not known at all.
You can ensure that a client gets a static IP address using the name of the client certificate; make sure each openvpn client has a unique certificate name (/CN=....) and then assign an IP address based on this. This can be done using either 'ifconfig-pool-persist ipp.txt' or it can be done using a client configuration file:
1) create a directory /etc/openvpn/ccd
2) configure the server to use
3) inside this directory, create a file with the name of each client certificate and with NO extension
4) the contents of this file would be
or whatever your 'server' IP range is.
You can ensure that a client gets a static IP address using the name of the client certificate; make sure each openvpn client has a unique certificate name (/CN=....) and then assign an IP address based on this. This can be done using either 'ifconfig-pool-persist ipp.txt' or it can be done using a client configuration file:
1) create a directory /etc/openvpn/ccd
2) configure the server to use
Code: Select all
topology subnet
client-config-dir /etc/openvpn/ccd
4) the contents of this file would be
Code: Select all
ifconfig-push 10.10.10.X 255.255.255.0
-
- OpenVpn Newbie
- Posts: 2
- Joined: Tue May 24, 2011 7:25 pm
Re: Configure a specific MAC Address to a designated IP Addr
This is exactly what I was looking for.
I apologize for the ignorance...This is how it was explained to me with the MACs. I now completely understand what you mean by the common name.
Appreciate it.
I apologize for the ignorance...This is how it was explained to me with the MACs. I now completely understand what you mean by the common name.
Appreciate it.
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Configure a specific MAC Address to a designated IP Addr
Excellent, closing topic