
Re: [Openvpn-users] Re: User-IP pair


  • Subject: Re: [Openvpn-users] Re: User-IP pair
  • From: "John E. Peterson" <jpeterson@xxxxxxxx>
  • Date: Thu, 5 May 2005 09:04:37 -0400

That was actually an interesting question because I think it answers something that I noticed. IP addresses are tied to certificates. What seems to be weird is that IPs seem to be created and tied in by the order the certs are logged in the first time, NOT the number itself.

What I have noticed, for instance, is that if users log in for the first time in this order:

cert02    --->  IP01
cert04    --->  IP02
cert01    --->  IP03
cert03    --->  IP04

the IPs are generated and "locked" in that order.

In MY case, IPs then end up being locked to a particular workstation (which 99% of the time is a particular user). Now, the question becomes, why do you want to assign IPs by USER? I happen to be running on a Windows Domain, so no matter what IP someone is from they are restricted by their login.

JP
----- Original Message -----
From: "Charles Duffy" <cduffy@xxxxxxxxxxx>
To: <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, May 04, 2005 8:58 PM
Subject: [Openvpn-users] Re: User-IP pair



On Wed, 04 May 2005 19:34:58 -0500, Luis Daniel Lucio Quiroz wrote:

Is there a way to make OpenVPN assign an IP to a particular user, no matter
what workstation they are logged in on?

Are certificates specific to the workstations or carried around by the users (i.e. on a USB key)? If the latter, it's easy -- use a client-config-dir with config files specifying the IP to use, and there you are. (OTOH, if your goal is to trace back from an IP to the user who's logged on, you can dynamically add DNS entries as part of your learn-address scripts, which is what I do; the IPs may vary, but the addresses stay the same). Otherwise, you can use username-as-common-name to have the client-config-dir indexed by usernames; or you can have a client-connect script that looks at the "username" variable to decide what IP to assign.

So, yes -- there are several ways to do this.



_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
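
The last option mentioned in the thread (a client-connect script that reads the "username" variable), sketched as an added example that is not part of the original messages or of OpenVPN itself. The map contents, addresses and the names `USER_IP_MAP`, `valid_username` and `lookup_push` are constructed for illustration, and rejecting unmapped users is a policy choice assumed here.

```shell
#!/bin/sh
# Illustrative client-connect hook: pin a VPN address to the authenticated
# username rather than to the certificate or the workstation.

# Constructed sample map: "username address netmask". The third column is a
# netmask under "topology subnet"; with net30 it is the peer endpoint instead.
# In a real deployment this would live in a root-owned file.
USER_IP_MAP='alice 10.8.0.10 255.255.255.0
bob 10.8.0.11 255.255.255.0'

# The username is supplied by the client, so accept only a conservative
# character set before using it as a lookup key.
valid_username() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the ifconfig-push directive for a user; return non-zero when the
# name is malformed or has no entry in the map.
lookup_push() {
    valid_username "$1" || return 1
    # Appending "" forces a string comparison, so "10" never matches "10.0".
    printf '%s\n' "$USER_IP_MAP" |
        awk -v u="$1" '($1 "") == (u "") {
                           print "ifconfig-push", $2, $3; found = 1; exit
                       }
                       END { exit !found }'
}

# OpenVPN passes the path of a temporary file as the last argument and
# exports the authenticated name as $username. Directives written to that
# file are applied to this client; a non-zero exit refuses the connection,
# so unmapped users are rejected instead of receiving a pool address.
if [ "$#" -gt 0 ]; then
    for out in "$@"; do :; done        # keep the last argument
    lookup_push "${username:-}" > "$out" || exit 1
fi
```

The server references the script with `client-connect`, and `$username` is only populated when clients authenticate with a username and password.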


