Scribd
Upload
14 views2 pages

KAK - OpenVPN Assign Static IP To Client

Uploaded by

ADI -
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
14 views2 pages

KAK - OpenVPN Assign Static IP To Client

Uploaded by

ADI -
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

OpenVPN Assign static IP to client

https://www.itsfullofstars.de/2018/09/openvpn-assign-static-ip-to-client/

After configuring the overall OpenVPN client and server infrastructure, my clients can connect to a VPN. The client can
access server resources and vice versa. While the server gets normally always the same IP assigned, the client IP address
is assigned dynamically from a pool of IP addresses. Meaning: there is no guarantee that the client always gets the same
IP address. Normally, this is not a problem, as the client connects to consume server resources. Such like a web site, or
git repository. In my case, the architecture is that the OpenVPN server acts as a proxy to internal services. The web site,
git repository, etc are running on the client. Therefore, the server must be able to connect to the client using a fix
address.

To make this work, each time a client connects, the same IP must be assigned to. OpenVPN allows to assign a static IP to
a client.

Configuration

1. In /etc/openvpn create folder ccd. Ccd stands for client config directory, meaning: it contains the configuration
for a client.
2. Edit file server.conf and add line “client-config-dir ccd“

# EXAMPLE: Suppose the client


# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
client-config-dir ccd

3. Create a configuration file for each client and put into directory ccd. As file name, use the same name for the client as
used in the CN field of the client certificate.

ifconfig-push IP MASK

Example:

ifconfig-push 10.8.0.2 255.255.255.255

CLI steps

sudo mkdir /etc/openvpn/ccd


sudo touch /etc/openvpn/ccd/client1
sudo vim /etc/openvpn/server.conf
Uncomment the line containing client config parameter
client-config-dir ccd

sudo vim /etc/openvpn/ccd/client1

Insert:
ifconfig-push 10.8.0.2 255.255.255.255

Restart OpenVPN service on server


sudo /etc/init.d/openvpn restart

Client with automatic assignment of IP: 10.8.0.6

After restart of OpenVPN server: IP is now 10.8.0.2

Server log

Additional information can be found in OpenVPN documentation.

client-config-dir

“This file can specify a fixed IP address for a given client using –ifconfig-push, as well as fixed subnets owned by the
client using –iroute.” https://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-
manpage.html

ifconfig-push

„Push virtual IP endpoints for client tunnel, overriding the –ifconfig-pool dynamic allocation.”
https://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html

You might also like