[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] How to assign random external IPs to OpenVPN users?

  • Subject: Re: [Openvpn-users] How to assign random external IPs to OpenVPN users?
  • From: Roland Pope <rpope@xxxxxxxxxxxxx>
  • Date: Sun, 10 Feb 2008 21:36:28 +1300

Perfect Privacy wrote:
> Hello,
> We have a dedicated server with 11 external IPs. On this server, we also 
> have an OpenVPN server installed. We have several hundreds of OpenVPN 
> users, all of which use the same client certificate (--duplicate-cn). We 
> also use PAM password authentification. My users are not all connected 
> at the same time of course, but maybe one dozen to a couple of dozens of 
> users at the same time, depending on the time of the day.
> What now happens if an OpenVPN client connects to the OpenVPN server is 
> that the server will assign its "main IP" to him. If he goes to 
> http://www.whatismyip.com/ he will always see the same "main IP" of my 
> server, while the other IPs are actually never used.
> What I would like to achieve is that I "randomly" assign any of my 11 
> external IPs to him, and that not always only the "main IP" is used.
> This is maybe not directly a problem that concerns OpenVPN but more a 
> network question.  I also have Squid installed, for example, and have 
> the same problem there. The user always gets the same external "main IP" 
> of my server, while the others remain unused. I, however, would like to 
> assign "randomly" any of my 11 external IPs to him.
> Does anybody know how this is achieved?

 From a networking viewpoint, outgoing packets on an Interface generally 
use the Primary Interface, or NIC Address. Incoming packets can be 
directed at any one of your 11 IP's and it generally doesn't matter 
which one, as long as any services you are connecting to are available 
on all of them.
Trying to get outgoing packets to use any one of your 11 external IP's 
would probably involve some clever firewall rules.
OpenVPN mailing lists