
[Openvpn-users] Second request RE: Assigning static and dynamic IP addresses


  • Subject: [Openvpn-users] Second request RE: Assigning static and dynamic IP addresses
  • From: "James Miller" <jimm@xxxxxxxxxxxxxxx>
  • Date: Fri, 14 Jul 2006 18:55:53 -0500
  • Importance: Normal

I was hoping someone might comment on my configuration.  I've tried this
config and the client is still being assigned a dynamic IP address from the
pool.  I've verified I have the correct CN (from the server logs).  Any
suggestions/advice would be GREATLY appreciated.


Thanks,
Jim



> -----Original Message-----
> From: James Miller [mailto:jimm@xxxxxxxxxxxxxxx]
> Sent: Thursday, July 13, 2006 11:50 AM
> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Assigning static and dynamic IP addresses
>
>
> Hello everyone,
>
> I was hoping to get some feedback on my server configuration
> file.  I have always run OpenVPN with DHCP assigned IP addresses.
> I now have a few connections for which I need to assign static
> IPs.  I was hoping to get a second (third, fourth, nth) pair of
> eyes to look over my configuration?
>
> If I understand correctly, for the 'server' setting I'm using a
> private class C and for the static IPs I (in this case) will be
> using a different private class C.
>
> Thanks for your help!
> --Jim
>
>
> # Which local IP address should OpenVPN
> # listen on? (optional)
> local 2xx.x9.x3.x8
>
> # Which TCP/UDP port should OpenVPN listen on?
> # If you want to run multiple OpenVPN instances
> # on the same machine, use a different port
> # number for each one.  You will need to
> # open up this port on your firewall.
> port 1xxx
>
> # TCP or UDP server?
> proto udp
>
> # "dev tun" will create a routed IP tunnel,
> # "dev tap" will create an ethernet tunnel.
> dev tun
>
> #Certs
> ca /etc/ssl/xxxxx.pem
> cert /etc/ssl/xxxxxx.crt
> key /etc/ssl/xxxxxx.key
>
> # management interface
> management localhost xx06
>
> # Diffie Hellman parameters.
> dh /etc/openvpn/xxxxxxx_dh2048.pem
>
> # Configure server mode and supply a VPN subnet
> # for OpenVPN to draw client addresses from.
> # The server will take 10.8.0.1 for itself,
> # the rest will be made available to clients.
> # Each client will be able to reach the server
> # on 10.8.0.1. Comment this line out if you are
> # ethernet bridging. See the man page for more info.
> server 172.16.14.0 255.255.255.0
>
>
> # Push routes to the client to allow it
> # to reach other private subnets behind
> # the server.  Remember that these
> # private subnets will also need
> # to know to route the OpenVPN client
> # address pool (10.8.0.0/255.255.255.0)
> # back to the OpenVPN server.
> push "route xxx.xx.xxx.0 255.255.255.0"
>
> # To assign specific IP addresses to specific
> # clients or if a connecting client has a private
> # subnet behind it that should also have VPN access,
> # use the subdirectory "ccd" for client-specific
> # configuration files (see man page for more info).
>
> # STATIC IP ASSIGNMENTS
> client-config-dir ccd
> route 172.16.15.0 255.255.255.0
> # Then add this line to ccd/CN_of_BOB1:
> #   ifconfig-push 172.16.15.1 172.16.15.2
> # Next user would have a file ccd/CN_of_Jane2:
> #    ifconfig-push 172.16.15.5 17.16.15.6
> # Next user would have a file ccd/CN_of_Joe3:
> #    ifconfig-push 172.16.15.9 17.16.15.10
> # Next user would have a file ccd/CN_of_Billy4:
> #    ifconfig-push 172.16.15.13 17.16.15.14
>
>
> # The keepalive directive causes ping-like
> # messages to be sent back and forth over
> # the link so that each side knows when
> # the other side has gone down.
> keepalive 10 60
>
> # For extra security beyond that provided
> # by SSL/TLS, create an "HMAC firewall"
> # to help block DoS attacks and UDP port flooding.
> #
> # Generate with:
> #   openvpn --genkey --secret xxxxx.key
> #
> # The server and each client must have
> # a copy of this key.
> # The second parameter should be '0'
> # on the server and '1' on the clients.
> tls-auth /etc/openvpn/xxxxxxx_ta.txt 0 # This file is secret
>
>
> # The maximum number of concurrently connected
> # clients we want to allow.
> max-clients 128
>
> # It's a good idea to reduce the OpenVPN
> # daemon's privileges after initialization.
> # The persist options will try to avoid
> # accessing certain resources on restart
> # that may no longer be accessible because
> # of the privilege downgrade.
> #
> # You can uncomment this out on
> # non-Windows systems.
> user nobody
> group nogroup
> persist-key
> persist-tun
>
>
> # verify certificate
> crl-verify /etc/ssl/crl.pem
>
> # Output a short status file showing
> # current connections, truncated
> # and rewritten every minute.
> status xxxxxxxx-status.log
>
> # By default, log messages will go to the syslog (or
> # on Windows, if running as a service, they will go to
> # the "\Program Files\OpenVPN\log" directory).
> # Use log or log-append to override this default.
> # "log" will truncate the log file on OpenVPN startup,
> # while "log-append" will append to it.
> log-append  /var/log/openvpn-xxxxxxxxxxxx.log
>
> # Set the appropriate level of log
> # file verbosity.
> #
> # 0 is silent, except for fatal errors
> # 4 is reasonable for general usage
> # 5 and 6 can help to debug connection problems
> # 9 is extremely verbose
> verb 4
>
> # Silence repeating messages.  At most 20
> # sequential messages of the same message
> # category will be output to the log.
> mute 20
>
>
>
>


______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
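
The static-assignment scheme in the quoted configuration (one `ifconfig-push` pair per ccd file, each pair taken from its own /30 inside a network the server routes) can be checked mechanically before a restart. The following is an added example, not part of the original post or of OpenVPN: the sample server lines and ccd bodies are constructed from the directives and comment lines quoted above, `CN_example_misaligned` and all function names are hypothetical, and the two rules it applies (both addresses inside a `server` or `route` network, and the pair being the two host addresses of one /30) are assumptions based on the pairs shown in the post.

```python
import ipaddress
import re

# Constructed sample input modelled on the configuration quoted in the post.
SERVER_CONF = """\
server 172.16.14.0 255.255.255.0
client-config-dir ccd
route 172.16.15.0 255.255.255.0
"""

# Constructed ccd file bodies keyed by file name (the client certificate CN).
CCD_FILES = {
    "CN_of_BOB1": "ifconfig-push 172.16.15.1 172.16.15.2\n",
    "CN_of_Jane2": "ifconfig-push 172.16.15.5 17.16.15.6\n",
    "CN_example_misaligned": "ifconfig-push 172.16.15.2 172.16.15.3\n",
}

def server_networks(conf_text):
    """Collect the networks named by 'server' and 'route' directives."""
    nets = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*(server|route)\s+(\S+)\s+(\S+)", line)
        if m:
            nets.append(ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}"))
    return nets

def check_ccd(name, body, nets):
    """Return a list of problems found in one ccd file's ifconfig-push line."""
    m = re.search(r"^\s*ifconfig-push\s+(\S+)\s+(\S+)", body, re.MULTILINE)
    if not m:
        return [f"{name}: no ifconfig-push directive"]
    local, remote = (ipaddress.ip_address(a) for a in m.groups())
    problems = []
    for label, addr in (("local", local), ("remote", remote)):
        if not any(addr in n for n in nets):
            problems.append(f"{name}: {label} {addr} is in no server/route network")
    # Assumed rule: the pair must be the two host addresses of a single /30.
    block = ipaddress.ip_network(f"{local}/30", strict=False)
    if sorted([local, remote]) != list(block.hosts()):
        problems.append(f"{name}: {local} and {remote} are not the hosts of {block}")
    return problems

def audit(conf_text, ccd_files):
    nets = server_networks(conf_text)
    return {name: check_ccd(name, body, nets) for name, body in ccd_files.items()}

if __name__ == "__main__":
    for name, problems in audit(SERVER_CONF, CCD_FILES).items():
        print(name, "OK" if not problems else problems)
```

The check covers file contents only; the ccd file name matching the CN and the directory being readable by the daemon are separate things to verify on the server.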