I was hoping someone might comment on my configuration. I've tried this
config and the client is still being assigned a dynamic IP address from
the pool. I've verified I have the correct CN (from the server logs).

Any suggestions/advice would be GREATLY appreciated.

Thanks,
Jim

> -----Original Message-----
> From: James Miller [mailto:jimm@xxxxxxxxxxxxxxx]
> Sent: Thursday, July 13, 2006 11:50 AM
> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Assigning static and dynamic IP addresses
>
>
> Hello everyone,
>
> I was hoping to get some feedback on my server configuration
> file. I have always run OpenVPN with DHCP assigned IP addresses.
> I now have a few connections for which I need to assign static
> IPs. I was hoping to get a second (third, fourth, nth) pair of
> eyes to look over my configuration?
>
> If I understand correctly, for the 'server' setting I'm using a
> private class C and for the static IPs I (in this case) will be
> using a different private class C.
>
> Thanks for your help!
> --Jim
>
>
> # Which local IP address should OpenVPN
> # listen on? (optional)
> local 2xx.x9.x3.x8
>
> # Which TCP/UDP port should OpenVPN listen on?
> # If you want to run multiple OpenVPN instances
> # on the same machine, use a different port
> # number for each one. You will need to
> # open up this port on your firewall.
> port 1xxx
>
> # TCP or UDP server?
> proto udp
>
> # "dev tun" will create a routed IP tunnel,
> # "dev tap" will create an ethernet tunnel.
> dev tun
>
> #Certs
> ca /etc/ssl/xxxxx.pem
> cert /etc/ssl/xxxxxx.crt
> key /etc/ssl/xxxxxx.key
>
> # management interface
> management localhost xx06
>
> # Diffie Hellman parameters.
> dh /etc/openvpn/xxxxxxx_dh2048.pem
>
> # Configure server mode and supply a VPN subnet
> # for OpenVPN to draw client addresses from.
> # The server will take 10.8.0.1 for itself,
> # the rest will be made available to clients.
> # Each client will be able to reach the server
> # on 10.8.0.1. Comment this line out if you are
> # ethernet bridging. See the man page for more info.
> server 172.16.14.0 255.255.255.0
>
>
> # Push routes to the client to allow it
> # to reach other private subnets behind
> # the server. Remember that these
> # private subnets will also need
> # to know to route the OpenVPN client
> # address pool (10.8.0.0/255.255.255.0)
> # back to the OpenVPN server.
> push "route xxx.xx.xxx.0 255.255.255.0"
>
> # To assign specific IP addresses to specific
> # clients or if a connecting client has a private
> # subnet behind it that should also have VPN access,
> # use the subdirectory "ccd" for client-specific
> # configuration files (see man page for more info).
>
> # STATIC IP ASSIGNMENTS
> client-config-dir ccd
> route 172.16.15.0 255.255.255.0
> # Then add this line to ccd/CN_of_BOB1:
> # ifconfig-push 172.16.15.1 172.16.15.2
> # Next user would have a file ccd/CN_of_Jane2:
> # ifconfig-push 172.16.15.5 17.16.15.6
> # Next user would have a file ccd/CN_of_Joe3:
> # ifconfig-push 172.16.15.9 17.16.15.10
> # Next user would have a file ccd/CN_of_Billy4:
> # ifconfig-push 172.16.15.13 17.16.15.14
>
>
> # The keepalive directive causes ping-like
> # messages to be sent back and forth over
> # the link so that each side knows when
> # the other side has gone down.
> keepalive 10 60
>
> # For extra security beyond that provided
> # by SSL/TLS, create an "HMAC firewall"
> # to help block DoS attacks and UDP port flooding.
> #
> # Generate with:
> # openvpn --genkey --secret xxxxx.key
> #
> # The server and each client must have
> # a copy of this key.
> # The second parameter should be '0'
> # on the server and '1' on the clients.
> tls-auth /etc/openvpn/xxxxxxx_ta.txt 0 # This file is secret
>
>
> # The maximum number of concurrently connected
> # clients we want to allow.
> max-clients 128
>
> # It's a good idea to reduce the OpenVPN
> # daemon's privileges after initialization.
> # The persist options will try to avoid
> # accessing certain resources on restart
> # that may no longer be accessible because
> # of the privilege downgrade.
> #
> # You can uncomment this out on
> # non-Windows systems.
> user nobody
> group nogroup
> persist-key
> persist-tun
>
>
> # verify certificate
> crl-verify /etc/ssl/crl.pem
>
> # Output a short status file showing
> # current connections, truncated
> # and rewritten every minute.
> status xxxxxxxx-status.log
>
> # By default, log messages will go to the syslog (or
> # on Windows, if running as a service, they will go to
> # the "\Program Files\OpenVPN\log" directory).
> # Use log or log-append to override this default.
> # "log" will truncate the log file on OpenVPN startup,
> # while "log-append" will append to it.
> log-append /var/log/openvpn-xxxxxxxxxxxx.log
>
> # Set the appropriate level of log
> # file verbosity.
> #
> # 0 is silent, except for fatal errors
> # 4 is reasonable for general usage
> # 5 and 6 can help to debug connection problems
> # 9 is extremely verbose
> verb 4
>
> # Silence repeating messages. At most 20
> # sequential messages of the same message
> # category will be output to the log.
> mute 20
>
>
>

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
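
Added example, not part of the original message or of OpenVPN: a check of the ifconfig-push pairs listed in the config's comments against the routed static block 172.16.15.0/24. It assumes the net30 layout, where each client's pair must be the two host addresses of its own /30; the function names parse_push and check_ccd are hypothetical.

```python
import ipaddress

# Static block routed by the server config ("route 172.16.15.0 255.255.255.0").
STATIC_NET = ipaddress.ip_network("172.16.15.0/255.255.255.0")

# ifconfig-push lines as written in the config's comments, keyed by ccd file name.
CCD = {
    "CN_of_BOB1": "ifconfig-push 172.16.15.1 172.16.15.2",
    "CN_of_Jane2": "ifconfig-push 172.16.15.5 17.16.15.6",
    "CN_of_Joe3": "ifconfig-push 172.16.15.9 17.16.15.10",
    "CN_of_Billy4": "ifconfig-push 172.16.15.13 17.16.15.14",
}


def parse_push(line):
    """Return (local, remote) from an 'ifconfig-push <local> <remote>' line."""
    parts = line.split()
    if len(parts) != 3 or parts[0] != "ifconfig-push":
        raise ValueError("expected 'ifconfig-push <local> <remote>'")
    return ipaddress.IPv4Address(parts[1]), ipaddress.IPv4Address(parts[2])


def check_ccd(ccd, static_net=STATIC_NET):
    """Map each CN to a list of problems (an empty list means the entry is fine)."""
    report, owners = {}, {}
    for cn, line in ccd.items():
        problems = report.setdefault(cn, [])
        try:
            local, remote = parse_push(line)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        for name, addr in (("local", local), ("remote", remote)):
            if addr not in static_net:
                problems.append(f"{name} {addr} is outside {static_net}")
        # Assumption: net30 layout, so the pair must be the two usable hosts of one /30.
        block = ipaddress.ip_network(f"{local}/30", strict=False)
        if {local, remote} != set(block.hosts()):
            problems.append(f"{local} and {remote} are not the host pair of {block}")
        if block in owners:
            problems.append(f"{block} is already assigned to {owners[block]}")
        owners.setdefault(block, cn)
    return report


if __name__ == "__main__":
    for cn, problems in check_ccd(CCD).items():
        print(cn, "OK" if not problems else "; ".join(problems))
```
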