OpenVPN: Set a static IP Address for a client

Hi,

sometimes you have to set a static IP Address for some VPN Clients. Because they provide some server services which always must be reached at the same IP Address.

The client configuration do not provide any option to do that, set a static IP Address on the adapter itself is also always being overwritten when the client establish a connection to the OpenVPN server.

Solution: Define a client specific script at the server.

In this example the openvpn server’s OS is linux (tap Interface IP 10.1.134.62), the client runs at Windows (static IP 10.1.134.1).

Define a directory where the client scripts should be stored , e.g. /etc/openvpn/staticclients and create the directory

mkdir /etc/openvpn/staticclients

Add this directory as option to your openvpn configfile at the server:

client-config-dir /etc/openvpn/staticclients

For each client you have to create a file. The filename must match the “common name” attribute that was specified at the X509 certificate of the client.This command gets the CN from the computers certificate:

root@devdeb~ > openssl x509 -in /etc/openvpn/yourClientCertificate.cer -noout -subject | sed -e 's/.*CN=\(.*\)\/.*/\1/'

TESTCLIENT

This example pushs the IP Address 10.1.134.1/255.255.255.192 to the Client with the common name TESTCLIENT and also pushes a additional route for subnet 10.1.135.0.

cat /etc/openvpn/staticclients/TESTCLIENT

ifconfig-push 10.1.134.1 255.255.255.192
push "route 10.1.135.0 255.255.255.0 10.1.134.62"
# push "dhcp-option WINS addr"
# push "dhcp-option DNS addr"

Michael

Advertisment to support michlstechblog.info

Original Theme by Schiy · Powered by WordPress