[Openvpn-users] Assigning static and dynamic IP addresses


  • Subject: [Openvpn-users] Assigning static and dynamic IP addresses
  • From: "James Miller" <jimm@xxxxxxxxxxxxxxx>
  • Date: Thu, 13 Jul 2006 11:49:35 -0500
  • Importance: Normal

Hello everyone,

I was hoping to get some feedback on my server configuration file.  I have
always run OpenVPN with DHCP assigned IP addresses.  I now have a few
connections for which I need to assign static IPs.  I was hoping to get a
second (third, fourth, nth) pair of eyes to look over my configuration?

If I understand correctly, for the 'server' setting I'm using a private
class C and for the static IPs I (in this case) will be using a different
private class C.

Thanks for your help!
--Jim


# Which local IP address should OpenVPN
# listen on? (optional)
local 2xx.x9.x3.x8

# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one.  You will need to
# open up this port on your firewall.
port 1xxx

# TCP or UDP server?
proto udp

# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
dev tun

#Certs
ca /etc/ssl/xxxxx.pem
cert /etc/ssl/xxxxxx.crt
key /etc/ssl/xxxxxx.key

# management interface
management localhost xx06

# Diffie Hellman parameters.
dh /etc/openvpn/xxxxxxx_dh2048.pem

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 172.16.14.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 172.16.14.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 172.16.14.0 255.255.255.0


# Push routes to the client to allow it
# to reach other private subnets behind
# the server.  Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (172.16.14.0/255.255.255.0)
# back to the OpenVPN server.
push "route xxx.xx.xxx.0 255.255.255.0"

# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).

# STATIC IP ASSIGNMENTS
client-config-dir ccd
route 172.16.15.0 255.255.255.0
# Then add this line to ccd/CN_of_BOB1:
#   ifconfig-push 172.16.15.1 172.16.15.2
# Next user would have a file ccd/CN_of_Jane2:
#   ifconfig-push 172.16.15.5 172.16.15.6
# Next user would have a file ccd/CN_of_Joe3:
#   ifconfig-push 172.16.15.9 172.16.15.10
# Next user would have a file ccd/CN_of_Billy4:
#   ifconfig-push 172.16.15.13 172.16.15.14


# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
keepalive 10 60

# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
#   openvpn --genkey --secret xxxxx.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
tls-auth /etc/openvpn/xxxxxxx_ta.txt 0 # This file is secret


# The maximum number of concurrently connected
# clients we want to allow.
max-clients 128

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nogroup
persist-key
persist-tun


# verify certificate
crl-verify /etc/ssl/crl.pem

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status xxxxxxxx-status.log

# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it.
log-append  /var/log/openvpn-xxxxxxxxxxxx.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 4

# Silence repeating messages.  At most 20
# sequential messages of the same message
# category will be output to the log.
mute 20





______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
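
An added example, not part of the original post: a Python check of ccd `ifconfig-push` pairs against the server-side `route` line, assuming OpenVPN's default net30 addressing for `dev tun`, where each client pair must be the two host addresses of a single /30. The function name, the `client-c` and `client-d` entries, and the faulty sample values are constructed for illustration.

```python
import ipaddress

# Constructed sample: one valid pair and three deliberately faulty ones.
SAMPLE = {
    "CN_of_BOB1": ("172.16.15.1", "172.16.15.2"),    # valid /30 pair
    "CN_of_Jane2": ("172.16.15.5", "17.16.15.6"),    # dropped digit in remote
    "client-c": ("172.16.15.10", "172.16.15.11"),    # .11 is the /30 broadcast
    "client-d": ("172.16.15.1", "172.16.15.2"),      # collides with CN_of_BOB1
}

def check_ccd(route_net, entries):
    """Return {client CN: [problems]} for (local, remote) ifconfig-push pairs."""
    routed = ipaddress.ip_network(route_net)
    seen = {}      # address -> first client that claimed it
    report = {}
    for cn, pair in entries.items():
        problems = []
        try:
            local, remote = (ipaddress.ip_address(a) for a in pair)
        except ValueError as exc:
            report[cn] = [f"unparsable pair: {exc}"]
            continue
        for addr in (local, remote):
            if addr not in routed:
                problems.append(f"{addr} is outside routed subnet {routed}")
            if addr in seen:
                problems.append(f"{addr} already used by {seen[addr]}")
            seen.setdefault(addr, cn)
        # net30: both endpoints must be the two host addresses of one /30
        block = ipaddress.ip_network(f"{local}/30", strict=False)
        if {local, remote} != set(block.hosts()):
            problems.append(f"{local} and {remote} are not the two hosts of {block}")
        report[cn] = problems
    return report

if __name__ == "__main__":
    for cn, problems in check_ccd("172.16.15.0/24", SAMPLE).items():
        print(cn, "OK" if not problems else problems)
```

A pair that fails the routed-subnet check would be pushed to the client but never routed back through the tunnel by the server's `route` line, so the mistake shows up as a silent connectivity failure rather than a startup error.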