Scribd
Upload
38 views

Openvpn Assign Static Ip To Client: Author: Tobias Hofmann Date: September 21, 2018

The document discusses configuring OpenVPN to assign a static IP address to clients. It involves creating a "ccd" folder for client configuration files and adding an "ifconfig-push" directive that specifies the static IP and subnet mask. This allows the OpenVPN server to connect to clients using a fixed address and is useful when clients act as proxies for internal services.

Uploaded by

crepusculo89
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
38 views

Openvpn Assign Static Ip To Client: Author: Tobias Hofmann Date: September 21, 2018

The document discusses configuring OpenVPN to assign a static IP address to clients. It involves creating a "ccd" folder for client configuration files and adding an "ifconfig-push" directive that specifies the static IP and subnet mask. This allows the OpenVPN server to connect to clients using a fixed address and is useful when clients act as proxies for internal services.

Uploaded by

crepusculo89
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

It`s full of stars!

Where documentation meets reality


OpenVPN Assign static IP to client
https://www.itsfullofstars.de

Author : Tobias Hofmann

Date : September 21, 2018

After configuring the overall OpenVPN client and server infrastructure, my clients can connect to a VPN.
The client can access server resources and vice versa. While the server gets normally always the same IP
assigned, the client IP address is assigned dynamically from a pool of IP addresses. Meaning: there is no
guarantee that the client always gets the same IP address. Normally, this is not a problem, as the client
connects to consume server resources. Such like a web site, or git repository. In my case, the architecture
is that the OpenVPN server acts as a proxy to internal services. The web site, git repository, etc are
running on the client. Therefore, the server must be able to connect to the client using a fix address.

To make this work, each time a client connects, the same IP must be assigned to. OpenVPN allows to
assign a static IP to a client.

Configuration

1. In /etc/openvpn create folder ccd. Ccd stands for client config directory, meaning: it contains the
configuration for a client.
2. Edit file server.conf and add line "client-config-dir ccd"

# EXAMPLE: Suppose the client # having the certificate common name "Theloniou
s" # also has a small subnet behind his connecting # machine, such as 192.16
8.40.128/255.255.255.248. # First, uncomment out these lines: client-config-
dir ccd

3. Create a configuration file for each client and put into directory ccd. As file name, use the same name
for the client as used in the CN field of the client certificate.

1/4
It`s full of stars!
Where documentation meets reality
ifconfig-push IP MASK
https://www.itsfullofstars.de

Example:

ifconfig-push 10.8.0.2 255.255.255.255

CLI steps

sudo mkdir /etc/openvpn/ccd sudo touch /etc/openvpn/ccd/client1 sudo vim /et


c/openvpn/server.conf Uncomment the line containing client config parameter
client-config-dir ccd

sudo vim /etc/openvpn/ccd/client1 Insert: ifconfig-push 10.8.0.2 255.255.255


.255 Restart OpenVPN service on server sudo /etc/init.d/openvpn restart

2/4
It`s full of stars!
Where documentation meets reality
https://www.itsfullofstars.de
Client with automatic assignment of IP: 10.8.0.6

After restart of OpenVPN server: IP is now 10.8.0.2

Server log

3/4
It`s full of stars!
Where documentation meets reality
https://www.itsfullofstars.de

Additional information can be found in OpenVPN documentation.

client-config-dir

“This file can specify a fixed IP address for a given client using --ifconfig-push, as well as fixed subnets
owned by the client using --iroute.”
https://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html

ifconfig-push

„Push virtual IP endpoints for client tunnel, overriding the --ifconfig-pool dynamic
allocation.”
https://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html

Powered by TCPDF (www.tcpdf.org)


4/4

You might also like