[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Static Address assignment for particular users


  • Subject: Re: [Openvpn-users] Static Address assignment for particular users
  • From: Leonard Isham <leonard.isham@xxxxxxxxx>
  • Date: Fri, 21 Jan 2005 22:05:43 -0500

On Fri, 21 Jan 2005 16:55:16 -0500, Andrew J. Richardson
<andrew@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
> > On Fri, 21 Jan 2005, Michael Kelly wrote:
> > >> I was just wondering, is there a way I can give a particular user a
> > >> static address outta ip pool range when that particular
> > user connects
> > >> to the vpn, and obviously at the same time take that range
> > outta the
> > >> dynamic range when he gets assigned it.
> > >>
> > >>
> > >> (So for example my server has a /24 ip pool to dynamically
> > allocate
> > >> to
> > >> clients, I wanna allocate a single static address outta
> > that range to a
> > >> particular client, remove it from the range and leave the
> > rest of the
> > >> range for my other dynamic clients)
> > >
> > > You can accomplish this with the --client-config-dir option on the
> > > servr side. After the directive put a path and inside of that
> > > directory create a file with the same name as the cn name in the
> > > certificate. In the file use the --ifconfig-push directive
> > and send
> > > the client his IP address.
> > >
> > > For your reference this is well documented in the man page.
> >
> > I'm not sure that will make OpenVPN exclude that IP address from the
> > normal pool though.
> 
> It won't, but you can do this: let OpenVPN assign from the bottom of the
> subnet up (192.168.x.2, 3, 4, etc.) while assigning your static clients
> their addresses from the top of the subnet down (192.168.x.254, 253, etc.)
> using client-config-dir and ifconfig-push.  Unless you have a real hoard of
> clients connecting, the two should never meet.

All I have to say is that this is definitely not going into anyone's
best practices.

How many quick fixes, band aids, and it wont ever happen solutions
have you been burned by.  Anyone remember the Y2K dilemma?  Many of
those programs where first created in the 60s  nearly 40 years later
we where bitten.

If nothing else because you swore "you would never do anything like
that" to someone else when you where bitten...

[steps down off the soap box]

-- 
Leonard Isham, CISSP
Ostendo non ostento.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users